CVE-2006-0232 - Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and

CVE-2006-0232

Summary

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests.

References

Vulnerable Configurations

cpe:2.3:a:symantec:antivirus_scan_engine:5.0.0.24:*:*:*:*:*:*:*
cpe:2.3:a:symantec:antivirus_scan_engine:5.0.0.24:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 19-10-2018 - 15:43)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	17637
bugtraq	20060421 Rapid7 Advisory R7-0023: Symantec Scan Engine File Disclosure Vulnerability 20060421 [Symantec Security Advisor] Symantec Scan Engine Multiple Vulnerabilities
confirm	http://www.symantec.com/avcenter/security/Content/2006.04.21.html
sectrack	1015974
secunia	19734
sreason	758 759
vulnwatch	20060421 Rapid7 Advisory R7-0023: Symantec Scan Engine File Disclosure Vulnerability
vupen	ADV-2006-1464
xf	sse-unauth-file-access(25974)

Last major update

19-10-2018 - 15:43

Published

25-04-2006 - 01:02

Last modified

19-10-2018 - 15:43