CVE-2016-5306: Infoleak
First published: Thu Jun 30 2016(Updated: )
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for unintended HTTP traffic on port 8445.
Credit: secure@symantec.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec Endpoint Protection | <=12.1.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-5306?
CVE-2016-5306 is classified as a medium severity vulnerability due to its potential to expose sensitive information.
How do I fix CVE-2016-5306?
To fix CVE-2016-5306, upgrade Symantec Endpoint Protection Manager to version 12.1 RU6 MP5 or later.
What is the impact of CVE-2016-5306?
The impact of CVE-2016-5306 allows remote attackers to intercept unintended HTTP traffic and potentially access sensitive information.
Which versions of Symantec Endpoint Protection are affected by CVE-2016-5306?
CVE-2016-5306 affects Symantec Endpoint Protection Manager versions prior to 12.1 RU6 MP5.
Does CVE-2016-5306 allow remote attacks?
Yes, CVE-2016-5306 makes it easier for remote attackers to obtain information by sniffing the network traffic.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/symantec
- canonical/symantec endpoint protection
- version/symantec endpoint protection/12.1.6