The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
21 Nov 2024, 00:11
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/20082 - Patch, Vendor Advisory | |
References | () http://securityresponse.symantec.com/avcenter/security/Content/2006.05.10.html - Patch, Vendor Advisory | |
References | () http://securitytracker.com/id?1016057 - Patch | |
References | () http://securitytracker.com/id?1016058 - Patch | |
References | () http://www.securityfocus.com/archive/1/433876/30/5040/threaded - | |
References | () http://www.securityfocus.com/bid/17936 - Exploit | |
References | () http://www.vupen.com/english/advisories/2006/1764 - Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/26370 - |
Information
Published : 2006-05-12 01:02
Updated : 2024-11-21 00:11
NVD link : CVE-2006-2341
Mitre link : CVE-2006-2341
CVE.ORG link : CVE-2006-2341
JSON object : View
Products Affected
symantec
- enterprise_firewall
- gateway_security
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor