header-logo
Suggest Exploit
vendor:
Brightmail anti-spam
by:
4
CVSS
MEDIUM
Unauthorized Message Disclosure
200
CWE
Product Name: Brightmail anti-spam
Affected Version From: Symantec Brightmail anti-spam 6.0
Affected Version To:
Patch Exists: No
Related CWE:
CPE: a:symantec:brightmail_anti-spam:6.0
Metasploit:
Other Scripts:
Platforms Tested:

Symantec Brightmail anti-spam unauthorized message disclosure vulnerability

The Brightmail anti-spam control center in Symantec Brightmail anti-spam is prone to an unauthorized message disclosure vulnerability. A remote attacker can exploit this vulnerability to read users' filtered email by manipulating a specific URL parameter.

Mitigation:

The vendor has not provided a specific mitigation or remediation for this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10657/info

Symantec Brightmail anti-spam is reported prone to an unauthorized message disclosure vulnerability.

This issue exists in the Brightmail anti-spam control center. Due to improper access validation a remote attacker can read users' filtered email.

Symantec Brightmail anti-spam 6.0 is reported prone to this issue, however, other versions may be affected as well.

/brightmail/quarantine/viewMsgDetails.do?id=QMsgView-[some-value]

Navigation

Suggest Exploit

Services By CQR

cqrsecured