Description
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests.
References (11)
Core 11
Core References
Third Party Advisory x_refsource_confirm
http://www.symantec.com/avcenter/security/Content/2006.04.21.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/17637
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/431728/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19734
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/431734/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25974
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/758
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/759
Exploit, Patch, Vendor Advisory mailing-list
x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0012.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1464
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015974
Scores
EPSS
0.0088
EPSS Percentile
75.6%
Details
Status
published
Products (1)
symantec/antivirus_scan_engine
5.0.0.24
Published
Apr 25, 2006
Tracked Since
Feb 18, 2026