File Disclosure Vulnerability in Symantec Scan Engine
CVE-2006-0232

Currently unrated

Key Information:

Vendor: Symantec
Status: Antivirus Scan Engine
Vendor: CVE Published:; 25 April 2006

Summary

The vulnerability arises from insufficient access control in the Symantec Scan Engine, which allows the storage of sensitive log files and virus definitions in the web root directory. This misconfiguration could enable remote attackers to exploit direct requests, thereby gaining unauthorized access to critical information. This poses a significant risk to data security, necessitating prompt remediation.

References

http://www.securityfocus.com/bid/17637

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/431728/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/19734

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Apr 25, 2006
Vulnerability Reserved
Jan 17, 2006