Summary
This host is running Symantec Messaging Gateway and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to bypass certain security restrictions, disclose certain sensitive information and conduct cross-site scripting and request forgery attacks.
Impact Level: System/Application
Solution
Upgrade to Symantec Messaging Gateway version 10.0 or later. For updates, refer to http://www.symantec.com/messaging-gateway
Insight
The flaws are due to:
- Certain input passed via web or email content is not properly sanitised before being returned to the user.
- The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests.
- An error within the management interface can be exploited to perform otherwise restricted actions (modify the underlying web application).
- An SSH account with a default password could potentially be leveraged by an unprivileged user to attempt to gain additional privilege access.
- Disclosure of excessive component version information during successful reconnaissance.
Affected
Symantec Messaging Gateway version 9.5.x
References
- http://www.securelist.com/en/advisories/50435
- http://www.securityfocus.com/archive/1/524060
- http://www.securitytracker.com/id/1027449
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20120827_00
- https://www.hkcert.org/my_url/en/alert/12082901
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2012-0307, CVE-2012-0308, CVE-2012-3579, CVE-2012-3580, CVE-2012-3581
- CVSS Base Score: 7.9
- CVSS Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C