Back to search
CVE-2006-0232
Published: Apr 25, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
17637
vdb-entry
x_refsource_BID
20060421 Rapid7 Advisory R7-0023: Symantec Scan Engine File Disclosure Vulnerability
mailing-list
x_refsource_BUGTRAQ
19734
third-party-advisory
x_refsource_SECUNIA
20060421 [Symantec Security Advisor] Symantec Scan Engine Multiple Vulnerabilities
mailing-list
x_refsource_BUGTRAQ
sse-unauth-file-access(25974)
vdb-entry
x_refsource_XF
758
third-party-advisory
x_refsource_SREASON
759
third-party-advisory
x_refsource_SREASON
20060421 Rapid7 Advisory R7-0023: Symantec Scan Engine File Disclosure Vulnerability
mailing-list
x_refsource_VULNWATCH
http://www.symantec.com/avcenter/security/Content/2006.04.21.html
x_refsource_CONFIRM
ADV-2006-1464
vdb-entry
x_refsource_VUPEN
1015974
vdb-entry
x_refsource_SECTRACK
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now