CVSS: 5.0EPSS: 0%CPEs: 15EXPL: 0CVE-2006-4562
https://notcve.org/view.php?id=CVE-2006-4562
The proxy DNS service in Symantec Gateway Security (SGS) allows remote attackers to make arbitrary DNS queries to third-party DNS servers, while hiding the source IP address of the attacker. NOTE: another researcher has stated that the default configuration does not proxy DNS queries received on the external interface ** DISCUTIDO ** El servicio proxy DNS en Symantec Gateway Security (SGS) permite a un atacante remoto hacer consultas DNS de su elección a los servidores DNS de terceras personas, mientras se ocultan la dirección IP de origen del atacante. NOTA: otro investigador ha señalado que la configuración por defecto no recibe consultas proxy DNS sobre una interfaz externa. • http://www.securityfocus.com/archive/1/444114/100/100/threaded http://www.securityfocus.com/archive/1/444134/100/100/threaded http://www.securityfocus.com/archive/1/444135/100/100/threaded http://www.securityfocus.com/archive/1/444330/100/0/threaded •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 2CVE-2006-2341 – Symantec Enterprise Firewall / Gateway Security - HTTP Proxy Internal IP Leakage
https://notcve.org/view.php?id=CVE-2006-2341
The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI. • https://www.exploit-db.com/exploits/27852 http://secunia.com/advisories/20082 http://securityresponse.symantec.com/avcenter/security/Content/2006.05.10.html http://securitytracker.com/id?1016057 http://securitytracker.com/id?1016058 http://www.securityfocus.com/archive/1/433876/30/5040/threaded http://www.securityfocus.com/bid/17936 http://www.vupen.com/english/advisories/2006/1764 https://exchange.xforce.ibmcloud.com/vulnerabilities/26370 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2004-1472
https://notcve.org/view.php?id=CVE-2004-1472
Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 allow remote attackers to cause a denial of service (device freeze) via a fast UDP port scan on the WAN interface. • http://marc.info/?l=bugtraq&m=109588376426070&w=2 http://secunia.com/advisories/12635 http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html http://www.kb.cert.org/vuls/id/441078 http://www.osvdb.org/10204 http://www.securityfocus.com/bid/11237 https://exchange.xforce.ibmcloud.com/vulnerabilities/17469 •