Symantec Mail-Gear Directory Traversal Vulnerability

Mail-Gear, a multi-purpose filtering email server, includes a webserver for remote administration and email retrieval. This webserver is vulnerable to the '../' directory traversal attack. By including the string '../' in the URL, remote attackers can gain read access to all files on the filesystem that the server has read access to.


 

Privacy Statement
Copyright 2010, SecurityFocus