Vulnerability Description
Multiple directory traversal vulnerabilities in Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allow remote attackers to read and overwrite certain files via directory traversal sequences in (1) DATABLOB-GET and (2) DATABLOB-SAVE requests.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Brightmail Antispam | 4.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/21223 (Patch, Vendor Advisory)
- http://securityresponse.symantec.com/avcenter/security/Content/2006.07.27.html (Patch, Vendor Advisory)
- http://securitytracker.com/id?1016600 (Patch)
- http://www.osvdb.org/27589
- http://www.osvdb.org/27590
- http://www.securityfocus.com/bid/19182
- http://www.vupen.com/english/advisories/2006/3018
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28058
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28059
FAQ
What is CVE-2006-4013?
CVE-2006-4013 is a vulnerability with a CVSS score of 7.6 (HIGH). Multiple directory traversal vulnerabilities in Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allow remote attackers to read and ov...
How severe is CVE-2006-4013?
CVE-2006-4013 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4013?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Brightmail Antispam.