The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI.
References
Link | Resource |
---|---|
http://secunia.com/advisories/20082 | Patch Vendor Advisory |
http://securityresponse.symantec.com/avcenter/security/Content/2006.05.10.html | Patch Vendor Advisory |
http://securitytracker.com/id?1016057 | Patch |
http://securitytracker.com/id?1016058 | Patch |
http://www.securityfocus.com/archive/1/433876/30/5040/threaded | |
http://www.securityfocus.com/bid/17936 | Exploit |
http://www.vupen.com/english/advisories/2006/1764 | Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/26370 |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
No history.
Information
Published : 2006-05-12 01:02
Updated : 2024-02-28 10:42
NVD link : CVE-2006-2341
Mitre link : CVE-2006-2341
CVE.ORG link : CVE-2006-2341
JSON object : View
Products Affected
symantec
- gateway_security
- enterprise_firewall
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor