CVE-2006-2341

Symantec Enterprise Firewall 8.0 / Gateway Security 2.0.1-3.0 - Internal IP Address Exposure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2341. PoCs published by Bernhard Mueller.

AI-analyzed exploit summary This exploit targets a vulnerability in Symantec Enterprise Firewall and Gateway Security products, specifically the NAT/HTTP proxy component, to disclose internal IP addresses. It sends a malformed HTTP request and parses the response to extract the internal IP address.

Description

The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Bernhard Mueller · perlremotemultiple

https://www.exploit-db.com/exploits/27852

View Code ZIP pw:eip

This exploit targets a vulnerability in Symantec Enterprise Firewall and Gateway Security products, specifically the NAT/HTTP proxy component, to disclose internal IP addresses. It sends a malformed HTTP request and parses the response to extract the internal IP address.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Symantec Enterprise Firewall and Gateway Security products

No auth needed

Prerequisites: Network access to the target system

MITRE ATT&CK