CVE-2006-2341

medium

Description

The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/26370

http://www.vupen.com/english/advisories/2006/1764

http://www.securityfocus.com/archive/1/433876/30/5040/threaded

http://securitytracker.com/id?1016058

http://securitytracker.com/id?1016057

http://securityresponse.symantec.com/avcenter/security/Content/2006.05.10.html

http://secunia.com/advisories/20082

Details

Source: Mitre, NVD

Published: 2006-05-12

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.08868