CVE-2006-2341

Sažetak

The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI.

Reference

http://secunia.com/advisories/20082
http://securityresponse.symantec.com/avcenter/security/Content/2006.05.10.html
http://securitytracker.com/id?1016057
http://securitytracker.com/id?1016058
http://www.securityfocus.com/archive/1/433876/30/5040/threaded
http://www.securityfocus.com/bid/17936
http://www.vupen.com/english/advisories/2006/1764
https://exchange.xforce.ibmcloud.com/vulnerabilities/26370

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

18-10-2018 - 16:39

Objavljeno

12-05-2006 - 01:02