CVE-2006-0232
First published: Tue Apr 25 2006(Updated: )
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec Antivirus | =5.0.0.24 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0012.html
- http://www.symantec.com/avcenter/security/Content/2006.04.21.html
- http://www.securityfocus.com/bid/17637
- http://securitytracker.com/id?1015974
- http://secunia.com/advisories/19734
- http://securityreason.com/securityalert/758
- http://securityreason.com/securityalert/759
- http://www.vupen.com/english/advisories/2006/1464
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25974
- http://www.securityfocus.com/archive/1/431734/100/0/threaded
- http://www.securityfocus.com/archive/1/431728/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-0232?
CVE-2006-0232 has a moderate severity level due to the potential for unauthorized access to sensitive information.
How do I fix CVE-2006-0232?
To fix CVE-2006-0232, update the Symantec Scan Engine to version 5.1.0.7 or later, which addresses the access control issue.
What versions of Symantec Scan Engine are affected by CVE-2006-0232?
CVE-2006-0232 affects Symantec Scan Engine version 5.0.0.24 and possibly earlier versions prior to 5.1.0.7.
What kind of files are exposed due to CVE-2006-0232?
CVE-2006-0232 exposes sensitive log and virus definition files that can be accessed by remote attackers.
Can remote attackers exploit CVE-2006-0232 easily?
Yes, remote attackers can exploit CVE-2006-0232 easily by making direct requests to the vulnerable web server.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/severity
- agent/remedy
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/symantec
- canonical/symantec antivirus
- version/symantec antivirus/5.0.0.24