5

CVE-2006-2341

Exploit

EPSS 8.87%
Published 12.05.2006 01:02:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI.

Affected products Warnungen 0 Metrics 2 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Symantec ≫ Enterprise Firewall Version8.0

Symantec ≫ Gateway Security Version2.0.1

Symantec ≫ Gateway Security Version3.0

Symantec ≫ Gateway Security Version5000_series_2.0.1

Symantec ≫ Gateway Security Version5000_series_3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	8.87%	0.917

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://secunia.com/advisories/20082

Patch

Vendor Advisory

http://securityresponse.symantec.com/avcenter/security/Content/2006.05.10.html

Patch

Vendor Advisory

http://securitytracker.com/id?1016057

Patch

http://securitytracker.com/id?1016058

Patch

http://www.securityfocus.com/archive/1/433876/30/5040/threaded

http://www.securityfocus.com/bid/17936

Exploit

http://www.vupen.com/english/advisories/2006/1764

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/26370

https://nvd.nist.gov/vuln/detail/CVE-2006-2341

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-2341

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-2341

EUVD