5

CVE-2006-2341

Exploit

EPSS 8.87%
Veröffentlicht 12.05.2006 01:02:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Symantec ≫ Enterprise Firewall Version8.0

Symantec ≫ Gateway Security Version2.0.1

Symantec ≫ Gateway Security Version3.0

Symantec ≫ Gateway Security Version5000_series_2.0.1

Symantec ≫ Gateway Security Version5000_series_3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	8.87%	0.917

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://secunia.com/advisories/20082

Patch

Vendor Advisory

http://securityresponse.symantec.com/avcenter/security/Content/2006.05.10.html

Patch

Vendor Advisory

http://securitytracker.com/id?1016057

Patch

http://securitytracker.com/id?1016058

Patch

http://www.securityfocus.com/archive/1/433876/30/5040/threaded

http://www.securityfocus.com/bid/17936

Exploit

http://www.vupen.com/english/advisories/2006/1764

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/26370

https://nvd.nist.gov/vuln/detail/CVE-2006-2341

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-2341

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-2341

EUVD