CVE-2006-2341 Information

Description

The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0 and Enterprise Firewall 8.0 when NAT is being used allows remote attackers to determine internal IP addresses by using malformed HTTP requests as demonstrated using a get request without a space separating the URI.

Reference

http://secunia.com/advisories/20082 http://securityresponse.symantec.com/avcenter/security/Content/2006.05.10.html http://securitytracker.com/id?1016057 http://securitytracker.com/id?1016058 http://www.securityfocus.com/archive/1/433876/30/5040/threaded http://www.securityfocus.com/bid/17936 http://www.vupen.com/english/advisories/2006/1764 https://exchange.xforce.ibmcloud.com/vulnerabilities/26370