CVE-2016-5306

MEDIUM

Symantec Endpoint Protection Manager < 12.1.6 - Information Disclosure

Title source: rule

Description

Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for unintended HTTP traffic on port 8445.

References (3)

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036196

[Vendor Advisory] https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/91449

Scores

CVSS v3 5.3

EPSS 0.0034

EPSS Percentile 56.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-254 CWE-200

Status draft

Affected Products (1)

symantec/endpoint_protection_manager < 12.1.6

Timeline

Published Jun 30, 2016

Tracked Since Feb 18, 2026