Description
The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Bernhard Mueller · perlremotemultiple
https://www.exploit-db.com/exploits/27852
References (8)
Scores
EPSS
0.1010
EPSS Percentile
93.1%
Details
CWE
CWE-200
Status
published
Products (5)
symantec/enterprise_firewall
8.0
symantec/gateway_security
2.0.1
symantec/gateway_security
3.0
symantec/gateway_security
5000_series_2.0.1
symantec/gateway_security
5000_series_3.0
Published
May 12, 2006
Tracked Since
Feb 18, 2026