Main
Vulnerability Database
Exploits
ID:409 - Exploit for Information disclosure in Symantec Messaging Gateway - CVE-2016-5312
ID:409 - Exploit for Information disclosure in Symantec Messaging Gateway - CVE-2016-5312
Published: March 18, 2020
Vulnerability identifier: #VU668
Vulnerability risk: Low
CVE-ID: CVE-2016-5312
CWE-ID: CWE-20
Exploitation vector: Remote access
Vulnerable software:
Symantec Messaging Gateway
Symantec Messaging Gateway
Link to public exploit:
Vulnerability description
The vulnerability allows a remote authenticated user to obtain files on the target system.
The weakness exists due to input validation flaw. By sending a specially crafted request attackers can cause an error in a charting component and read arbitary files and directories.
Successful exploitation of the vulnerability may result in access to certain information on the target system.
The weakness exists due to input validation flaw. By sending a specially crafted request attackers can cause an error in a charting component and read arbitary files and directories.
Successful exploitation of the vulnerability may result in access to certain information on the target system.
Remediation
Update to 10.6.2.