Búsqueda de    
Vulnerabilidad   
    Buscar 191973 Descripciones CVE y
86218 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.802453
Categoría:Default Accounts
Título:Symantec Messaging Gateway Multiple Vulnerabilities
Resumen:This host is running Symantec Messaging Gateway and is prone to; multiple vulnerabilities.
Descripción:Summary:
This host is running Symantec Messaging Gateway and is prone to
multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to,

- Certain input passed via web or email content is not properly sanitised
before being returned to the user.

- The application allows users to perform certain actions via HTTP requests
without performing proper validity checks to verify the requests.

- An error within the management interface can be exploited to perform
otherwise restricted actions(modify the underlying web application).

- An SSH default passworded account that could potentially be leveraged by
an unprivileged user to attempt to gain additional privilege access.

- Disclose of excessive component version information during successful
reconnaissance.

Vulnerability Impact:
Successful exploitation will allow attackers to bypass certain security
restrictions, disclose certain sensitive information and conduct cross-site scripting and request forgery attacks.

Affected Software/OS:
Symantec Messaging Gateway version 9.5.x.

Solution:
Upgrade to Symantec Messaging Gateway version 10.0 or later.

CVSS Score:
7.9

CVSS Vector:
AV:A/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: BugTraq ID: 55138
BugTraq ID: 55137
BugTraq ID: 55143
BugTraq ID: 55141
BugTraq ID: 55142
Common Vulnerability Exposure (CVE) ID: CVE-2012-0307
http://www.securityfocus.com/bid/55138
XForce ISS Database: symantec-gateway-unspec-xss(78031)
https://exchange.xforce.ibmcloud.com/vulnerabilities/78031
Common Vulnerability Exposure (CVE) ID: CVE-2012-0308
http://www.securityfocus.com/bid/55137
Common Vulnerability Exposure (CVE) ID: CVE-2012-3579
http://www.securityfocus.com/bid/55143
http://packetstormsecurity.com/files/116277/Symantec-Messaging-Gateway-9.5-Default-SSH-Password.html
XForce ISS Database: symantec-gateway-default-password(78034)
https://exchange.xforce.ibmcloud.com/vulnerabilities/78034
Common Vulnerability Exposure (CVE) ID: CVE-2012-3580
http://www.securityfocus.com/bid/55141
XForce ISS Database: symantec-gateway-interface-sec-bypass(78032)
https://exchange.xforce.ibmcloud.com/vulnerabilities/78032
Common Vulnerability Exposure (CVE) ID: CVE-2012-3581
http://www.securityfocus.com/bid/55142
CopyrightCopyright (C) 2012 Greenbone Networks GmbH

Esta es sólo una de 86218 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2020 E-Soft Inc. Todos los derechos reservados.