CVE-2006-0232 Information
Description
Symantec Scan Engine 5.0.0.24 and possibly other versions before 5.1.0.7 stores sensitive log and virus definition files under the web root with insufficient access control which allows remote attackers to obtain the information via direct requests.
Reference
http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0012.html http://secunia.com/advisories/19734 http://securityreason.com/securityalert/758 http://securityreason.com/securityalert/759 http://securitytracker.com/id?1015974 http://www.securityfocus.com/archive/1/431728/100/0/threaded http://www.securityfocus.com/archive/1/431734/100/0/threaded http://www.securityfocus.com/bid/17637 http://www.symantec.com/avcenter/security/Content/2006.04.21.html http://www.vupen.com/english/advisories/2006/1464 https://exchange.xforce.ibmcloud.com/vulnerabilities/25974
Share on: