CVE-2006-2341: Infoleak
First published: Fri May 12 2006(Updated: )
The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec Enterprise Firewall | =8.0 | |
| Symantec Gateway Security | =2.0.1 | |
| Symantec Gateway Security | =3.0 | |
| Symantec Gateway Security | =5000_series_2.0.1 | |
| Symantec Gateway Security | =5000_series_3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://securityresponse.symantec.com/avcenter/security/Content/2006.05.10.html
- http://www.securityfocus.com/bid/17936
- http://securitytracker.com/id?1016057
- http://securitytracker.com/id?1016058
- http://secunia.com/advisories/20082
- http://www.vupen.com/english/advisories/2006/1764
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26370
- http://www.securityfocus.com/archive/1/433876/30/5040/threaded
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-historical
- collector/nvd-index
- vendor/symantec
- canonical/symantec enterprise firewall
- version/symantec enterprise firewall/8.0
- canonical/symantec gateway security
- version/symantec gateway security/2.0.1
- version/symantec gateway security/3.0
- version/symantec gateway security/5000_series_2.0.1
- version/symantec gateway security/5000_series_3.0