CVE-2006-2341 – Symantec Enterprise Firewall / Gateway Security - HTTP Proxy Internal IP Leakage

https://notcve.org/view.php?id=CVE-2006-2341

The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI. • https://www.exploit-db.com/exploits/27852 http://secunia.com/advisories/20082 http://securityresponse.symantec.com/avcenter/security/Content/2006.05.10.html http://securitytracker.com/id?1016057 http://securitytracker.com/id?1016058 http://www.securityfocus.com/archive/1/433876/30/5040/threaded http://www.securityfocus.com/bid/17936 http://www.vupen.com/english/advisories/2006/1764 https://exchange.xforce.ibmcloud.com/vulnerabilities/26370 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •