Directory Traversal Vulnerabilities in Symantec Brightmail AntiSpam
CVE-2006-4013

Currently unrated

Key Information:

Vendor: Symantec
Status: Brightmail Antispam
Vendor: CVE Published:; 7 August 2006

Summary

The Brightmail AntiSpam application from Symantec has multiple directory traversal vulnerabilities, allowing remote attackers to exploit improperly secured interfaces. Specifically, the vulnerabilities exist within DATABLOB-GET and DATABLOB-SAVE requests when the Control Center allows connections from any external computer. These flaws can be exploited to read and overwrite sensitive files on the server, potentially leading to further security breaches and data exposure.

References

http://securitytracker.com/id?1016600

vdb-entryx_refsource_SECTRACK

http://www.osvdb.org/27590

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/19182

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Aug 7, 2006
Vulnerability Reserved
Aug 7, 2006