CVE-2017-15532: Path Traversal
First published: Wed Dec 20 2017(Updated: )
Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files.
Credit: secure@symantec.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec Messaging Gateway | <10.6.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2017-15532?
CVE-2017-15532 is a vulnerability in Symantec Messaging Gateway that allows for a path traversal attack.
How does CVE-2017-15532 work?
CVE-2017-15532 allows an attacker to access files and directories outside the web root folder by manipulating variables.
What is the severity of CVE-2017-15532?
CVE-2017-15532 has a severity score of 5.7, which is considered medium.
Which version of Symantec Messaging Gateway is affected by CVE-2017-15532?
Symantec Messaging Gateway prior to version 10.6.4 is affected by CVE-2017-15532.
How can I fix CVE-2017-15532?
To fix CVE-2017-15532, it is recommended to update Symantec Messaging Gateway to version 10.6.4 or later.
- collector/nvd-index
- agent/references
- agent/severity
- vendor/symantec
- canonical/symantec messaging gateway