Symantec Messaging Gateway <= 10.6.3-2 unauthenticated root RCE(CVE-2017-6327)

Bug 1: Web authentication bypass The web management interface is available via HTTPS, and you can't do much without logging in. If the current session identified by the JSESSIONID cookie has the user attribute set, the session is considered authenticated. The file LoginAction.class defines a numb...

Symantec Messaging Gateway 10.6.3-2 - Root Remote Command Execution

Symantec Messaging Gateway 10.6.3-2 - Root Remote Command Execution This is an advisory for CVE-2017-6327 which is an unauthenticated remote code execution flaw in the web interface of Symantec Messaging Gateway prior to and including version 10.6.3-2, which can be used to execute commands as roo...