Information Disclosure Vulnerability in Symantec Enterprise Firewall and Raptor Secure Webserver
CVE-2002-1535

Currently unrated

Key Information:

Vendor: Symantec
Status: Raptor Firewall; Enterprise Firewall
Vendor: CVE Published:; 31 March 2003

Summary

An information disclosure vulnerability exists in Symantec Enterprise Firewall and Raptor Secure Webserver that permits remote attackers to potentially identify internal IP addresses. This occurs through a CONNECT request, which triggers varying error messages depending on the presence of specific hosts. The presence of these messages may lead attackers to infer critical network information.

References

http://www.securityfocus.com/bid/5959

vdb-entryx_refsource_BID

http://www.iss.net/security_center/static/10363.php

vdb-entryx_refsource_XF

http://archives.neohapsis.com/archives/bugtraq/2002-10/01...

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Mar 31, 2003
Vulnerability Reserved
Feb 23, 2003