English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.802453
Category:Default Accounts
Title:Symantec Messaging Gateway < 10.0 Multiple Vulnerabilities
Summary:Symantec Messaging Gateway is prone to multiple vulnerabilities.
Description:Summary:
Symantec Messaging Gateway is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- Certain input passed via web or email content is not properly sanitised
before being returned to the user.

- The application allows users to perform certain actions via HTTP requests
without performing proper validity checks to verify the requests.

- An error within the management interface can be exploited to perform
otherwise restricted actions(modify the underlying web application).

- An SSH default passworded account that could potentially be leveraged by
an unprivileged user to attempt to gain additional privilege access.

- Disclose of excessive component version information during successful
reconnaissance.

Vulnerability Impact:
Successful exploitation will allow attackers to bypass certain security
restrictions, disclose certain sensitive information and conduct cross-site scripting and request forgery attacks.

Affected Software/OS:
Symantec Messaging Gateway version 9.5.x.

Solution:
Upgrade to Symantec Messaging Gateway version 10.0 or later.

CVSS Score:
7.9

CVSS Vector:
AV:A/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-0307
BugTraq ID: 55138
http://www.securityfocus.com/bid/55138
XForce ISS Database: symantec-gateway-unspec-xss(78031)
https://exchange.xforce.ibmcloud.com/vulnerabilities/78031
Common Vulnerability Exposure (CVE) ID: CVE-2012-0308
BugTraq ID: 55137
http://www.securityfocus.com/bid/55137
Common Vulnerability Exposure (CVE) ID: CVE-2012-3579
BugTraq ID: 55143
http://www.securityfocus.com/bid/55143
http://packetstormsecurity.com/files/116277/Symantec-Messaging-Gateway-9.5-Default-SSH-Password.html
XForce ISS Database: symantec-gateway-default-password(78034)
https://exchange.xforce.ibmcloud.com/vulnerabilities/78034
Common Vulnerability Exposure (CVE) ID: CVE-2012-3580
BugTraq ID: 55141
http://www.securityfocus.com/bid/55141
XForce ISS Database: symantec-gateway-interface-sec-bypass(78032)
https://exchange.xforce.ibmcloud.com/vulnerabilities/78032
Common Vulnerability Exposure (CVE) ID: CVE-2012-3581
BugTraq ID: 55142
http://www.securityfocus.com/bid/55142
CopyrightCopyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.