Описание
The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
- Patch
- Patch
- Exploit
- Vendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- Patch
- Patch
- Exploit
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:symantec:enterprise_firewall:8.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:gateway_security:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:symantec:gateway_security:3.0:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:h:symantec:gateway_security:5000_series_2.0.1:*:*:*:*:*:*:*
cpe:2.3:h:symantec:gateway_security:5000_series_3.0:*:*:*:*:*:*:*
EPSS
Процентиль: 93%
0.101
Средний
5 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
почти 4 года назад
The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI.
EPSS
Процентиль: 93%
0.101
Средний
5 Medium
CVSS2
Дефекты
CWE-200