Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2341

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-2341
Last Modified 07 Mar 2011 12:00:00
Published 11 May 2006 09:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2341

Summary

The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI.

Vulnerable Systems

Application

  • Symantec Enterprise Firewall 8.0

  • Symantec Gateway Security 2.0.1

  • Symantec Gateway Security 3.0


References

SECTRACK - 1016058

SECTRACK - 1016057

CONFIRM - http://securityresponse.symantec.com/avcenter/security/Content/2006.05.10.html

SECUNIA - 20082

XF - symantec-firewall-proxy-ip-disclosure(26370)

VUPEN - ADV-2006-1764

BID - 17936

BUGTRAQ - 20060512 SEC Consult SA-20060512-0 :: Symantec Enterprise Firewall NAT/HTTP Proxy Private IP Exposure


Last Updated: 27 May 2016 10:42:26