CVE-2002-1535
CVSS5.0
发布时间 :2003-03-31 00:00:00
修订时间 :2008-09-05 16:30:51
NMCOS    

[原文]Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall 6.5.2 allows remote attackers to identify IP addresses of hosts on the internal network via a CONNECT request, which generates different error messages if the host is present.


[CNNVD]多个Symantec HTTP代理信息泄露漏洞(CNNVD-200303-098)

        Raptor 6.5和Symantec Enterprise Firewall 6.5.2中的Secure Webserver 1.1存在漏洞。远程攻击者可以借助一个CONNECT请求识别内部网络的主机IP地址,该漏洞在主机在线的情况下可以产生不同的错误信息。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:symantec:raptor_firewall:6.5.3Symantec Raptor Firewall 6.5.3
cpe:/a:symantec:raptor_firewall:6.5Symantec Raptor Firewall 6.5
cpe:/a:symantec:enterprise_firewall:6.5.2Symantec Enterprise Firewall 6.5.2

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1535
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1535
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200303-098
(官方数据源) CNNVD

- 其它链接及资源

http://archives.neohapsis.com/archives/bugtraq/2002-10/0190.html
(VENDOR_ADVISORY)  BUGTRAQ  20021014 Symantec Enterprise Firewall Secure Webserver info leak
http://www.securityfocus.com/bid/5959
(VENDOR_ADVISORY)  BID  5959
http://www.iss.net/security_center/static/10363.php
(UNKNOWN)  XF  simple-webserver-topology-disclosure(10363)
http://securityresponse.symantec.com/avcenter/security/Content/2002.10.11a.html
(UNKNOWN)  CONFIRM  http://securityresponse.symantec.com/avcenter/security/Content/2002.10.11a.html

- 漏洞信息

多个Symantec HTTP代理信息泄露漏洞
中危 设计错误
2003-03-31 00:00:00 2005-10-20 00:00:00
远程  
        Raptor 6.5和Symantec Enterprise Firewall 6.5.2中的Secure Webserver 1.1存在漏洞。远程攻击者可以借助一个CONNECT请求识别内部网络的主机IP地址,该漏洞在主机在线的情况下可以产生不同的错误信息。

- 公告与补丁

        This vulnerability has been included in a patch. Administrators are advised to upgrade to the most recent patch level as soon as possible. Visit
        http://www.symantec.com/techsupp for patch download locations.

- 漏洞信息

4707
Symantec Enterprise Firewall Internal IP Address Disclosure
Remote / Network Access Information Disclosure
Loss of Confidentiality
Exploit Public

- 漏洞描述

Secure Webserver in Symantec Enterprise Firewall contains a flaw that may lead to an unauthorized information disclosure. It is possible that a remote attacker could identify IP addresses of hosts on the internal network via a CONNECT request which generates different error messages if the host is present and will disclose the network topology resulting in a loss of confidentiality.

- 时间线

2002-10-14 2002-08-27
2002-10-14 Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, Symantec has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

- 漏洞信息

Multiple Symantec HTTP Proxy Information Disclosure Vulnerability
Design Error 5959
Yes No
2002-10-14 12:00:00 2009-07-11 06:06:00
Discovered by AI-SEC Security.

- 受影响的程序版本

Symantec Raptor Firewall 6.5.3 Solaris
- Sun Solaris 7.0
- Sun Solaris 2.6
Symantec Raptor Firewall 6.5 Windows NT
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Symantec Enterprise Firewall 6.5.2 NT/2000
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0

- 漏洞讨论

The "Simple, Secure Webserver" is a HTTP proxy included with Raptor Firewall, Symantec Enterprise Firewall, VelociRaptor and Symantec Gateway Security. An information disclosure vulnerability has been reported in this component. According to the report, it is possible for external hosts to identify responsive hosts on the network connected to the internal interface. Responsive and unresponsive hosts can be distinguished based on the response to a CONNECT request for a guessed internal IP address.

- 漏洞利用

There is no exploit code required.

- 解决方案

This vulnerability has been included in a patch. Administrators are advised to upgrade to the most recent patch level as soon as possible. Visit http://www.symantec.com/techsupp for patch download locations.

- 相关参考

     

     

    关于SCAP中文社区

    SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

    版权声明

    CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站