CVE-2016-5312 — MEDIUM (6.5)

Q: How severe is CVE-2016-5312?

CVE-2016-5312 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-5312?

Check the references section above for vendor advisories and patch information. Affected products include: Symantec Messaging Gateway.

Vulnerability Description

Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Symantec	Messaging Gateway	<= 10.6.1

Related Weaknesses (CWE)

CWE-22

References

http://packetstormsecurity.com/files/138891/Symantec-Messaging-Gateway-10.6.1-DiExploitThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2016/Sep/71ExploitMailing ListThird Party Advisory
http://www.securityfocus.com/bid/93148Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1036908Third Party AdvisoryVDB Entry
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securitVendor Advisory
https://www.exploit-db.com/exploits/40437/ExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/138891/Symantec-Messaging-Gateway-10.6.1-DiExploitThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2016/Sep/71ExploitMailing ListThird Party Advisory
http://www.securityfocus.com/bid/93148Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1036908Third Party AdvisoryVDB Entry
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securitVendor Advisory
https://www.exploit-db.com/exploits/40437/ExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2016-5312?

CVE-2016-5312 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter...

How severe is CVE-2016-5312?

CVE-2016-5312 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-5312?

Check the references section above for vendor advisories and patch information. Affected products include: Symantec Messaging Gateway.