Symantec Mail-Gear 1.0 Directory Traversal Reported November 29, 1999 by USSRLABS
Symantec"s Mail-Gear has a Web-based administration service that listens on port 8003. The service is vulnerable to directory traversal using specific URL patterns. DEMONSTRATION By using a syntax similar to that shown below, file contents may be revealed. http://ServerIp:8003/Display?what=../../../../../autoexec.bat VENDOR RESPONSE Symantec has corrected the problem in their new Mail-Gear v1.1.
Discovered by USSRLABS |
0 comments
Hide comments