Symantec Messaging Gateway 10.x < 10.6.4 Directory Traversal Vulnerability (SYM17-016)

This script is Copyright (C) 2018 Tenable Network Security, Inc.


Synopsis :

A messaging security application running on the remote host is
affected by a directory traversal vulnerability.

Description :

According to its self-reported version number, the Symantec Messaging
Gateway (SMG) running on the remote host is 10.x prior to 10.6.4.
It is, therefore, affected by a directory traversal vulnerability as
described in the vendor advisory.

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

http://www.nessus.org/u?3fb2fd3d

Solution :

Upgrade to Symantec Messaging Gateway (SMG) version 10.6.4 or
later.

Risk factor :

Medium / CVSS Base Score : 5.5
(CVSS2#AV:A/AC:L/Au:S/C:C/I:N/A:N)
CVSS Temporal Score : 4.5
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: CGI abuses

Nessus Plugin ID: 105509 ()

Bugtraq ID: 102096

CVE ID: CVE-2017-15532

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now