Vulnerability Description
Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Messaging Gateway | < 10.6.4 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/102096Third Party AdvisoryVDB Entry
- https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securiVendor Advisory
- http://www.securityfocus.com/bid/102096Third Party AdvisoryVDB Entry
- https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securiVendor Advisory
FAQ
What is CVE-2017-15532?
CVE-2017-15532 is a vulnerability with a CVSS score of 5.7 (MEDIUM). Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are store...
How severe is CVE-2017-15532?
CVE-2017-15532 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-15532?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Messaging Gateway.