📚 CVE-2016-5312 | Symantec Messaging Gateway up to 10.6.0 Charting ChartStream.java doGet sn path traversal (ID 138891 / EDB-40437)
A vulnerability was found in Symantec Messaging Gateway up to 10.6.0. It has been classified as critical. Affected is the function
doGet of the file com/ve/kavachart/servlet/ChartStream.java of the component Charting. The manipulation of the argument sn with the input
../../WEB-INF/lib leads to path traversal.
This vulnerability is traded as CVE-2016-5312. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component. ...