Mail-Gear 1.0 Web Interface Server Directory traversal vulnerability
Vulnerability

    Mail-Gear

Affected

    Symantec Mail-Gear 1.0

Description

    UssrLabs found a directory traversal vulnerability in the Symantec
    Mail-Gear 1.0 web interface server.  Using the string '../' in a URL,
    an attacker can gain read access to any file outside of the intended
    web-published filesystem directory.  There is not much to expand on
    this one.  Example:

        http://ServerIp:8003/Display?what=../../../../../autoexec.bat

    This request displays autoexec.bat.
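
The check whose absence produces this behaviour, as an added example (not Mail-Gear code and not part of the original advisory): the 'what' value is canonicalised and must still resolve inside the published directory. The function names, the temporary root directory and the sample file names are assumptions made for illustration.

```python
import os
from urllib.parse import urlsplit, parse_qs

def resolve_published(root, what):
    """Return the canonical path of `what` under `root`, or None if it escapes."""
    root_real = os.path.realpath(root)
    # Treat '\' as a separator too, as a Windows server would.
    rel = what.replace("\\", "/")
    # Reject empty values, NUL bytes, absolute paths and drive or stream names.
    if not rel or "\x00" in rel or ":" in rel or rel.startswith("/"):
        return None
    candidate = os.path.realpath(os.path.join(root_real, *rel.split("/")))
    # Compare only after canonicalisation, so '../' and symlinks are resolved.
    try:
        inside = os.path.commonpath([root_real, candidate]) == root_real
    except ValueError:  # paths on different drives (Windows)
        return None
    return candidate if inside and candidate != root_real else None

def check_request(root, url):
    """Pull the single 'what' parameter from a Display URL and resolve it."""
    values = parse_qs(urlsplit(url).query).get("what", [])  # percent-decodes once
    if len(values) != 1:
        return None
    return resolve_published(root, values[0])

if __name__ == "__main__":
    import tempfile
    root = tempfile.mkdtemp()  # constructed stand-in for the published directory
    base = "http://ServerIp:8003/Display?what="
    for what in ("inbox/msg1.txt",               # constructed benign name
                 "../../../../../autoexec.bat",  # string from the advisory
                 "..%5C..%5Cautoexec.bat"):      # constructed encoded variant
        print(what, "->", check_request(root, base + what))
```

The comparison is made on whole path components, so a sibling directory whose name merely starts with the root's name is also rejected.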

Solution

    Upgrade to Symantec Mail-Gear 1.1
