First published: Wed Dec 20 2017(Updated: )
Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files.
Credit: secure@symantec.com
Affected Software | Affected Version | How to fix |
---|---|---|
Symantec Messaging Gateway | <10.6.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-15532 is a vulnerability in Symantec Messaging Gateway that allows for a path traversal attack.
CVE-2017-15532 allows an attacker to access files and directories outside the web root folder by manipulating variables.
CVE-2017-15532 has a severity score of 5.7, which is considered medium.
Symantec Messaging Gateway prior to version 10.6.4 is affected by CVE-2017-15532.
To fix CVE-2017-15532, it is recommended to update Symantec Messaging Gateway to version 10.6.4 or later.