CVE-2006-0232

Currently unrated

Key Information:

Vendor: Symantec
Status: Antivirus Scan Engine
Vendor: CVE Published:; 25 April 2006

Summary

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests.

References

http://www.securityfocus.com/bid/17637

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/431728/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/19734

third-party-advisoryx_refsource_SECUNIA

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 25, 2006
Vulnerability Reserved
Jan 17, 2006