Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0232

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-0232
Last Modified 07 Mar 2011 09:29:37
Published 24 Apr 2006 09:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0232

Summary

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests.

Vulnerable Systems

Application

  • Symantec Antivirus Scan Engine 5.0.0.24


References

VULNWATCH - 20060421 Rapid7 Advisory R7-0023: Symantec Scan Engine File Disclosure Vulnerability

VUPEN - ADV-2006-1464

XF - sse-unauth-file-access(25974)

CONFIRM - http://www.symantec.com/avcenter/security/Content/2006.04.21.html

BID - 17637

BUGTRAQ - 20060421 [Symantec Security Advisor] Symantec Scan Engine Multiple Vulnerabilities

SECTRACK - 1015974

SREASON - 759

SREASON - 758

SECUNIA - 19734


Last Updated: 27 May 2016 10:41:35