Symantec Enterprise Firewall NAT/HTTP Proxy internal IP leakage

1093

06 March 2020

10 May 2006

CLOSED

LOW

SUMMARY

An information leak has been discovered in the HTTP proxy of the Symantec Enterprise Firewall and Symantec Gateway Security products. In response to specific HTTP requests, the firewall may reveal internal addresses otherwise hidden by Network Address Translation (NAT).

Severity: Very Low
Remote Access: Yes
Local Access: No
Authentication Required: No
Exploit publicly available: No

AFFECTED PRODUCTS

Product                                 Version   Solution
Symantec Gateway Security 5000 Series   2.0.1     Bundle E
Symantec Gateway Security 5000 Series   3.0       Bundle B
Symantec Enterprise Firewall            8.0       Bundle E

ADDITIONAL PRODUCT INFORMATION

Products Not Affected

Product                                    Version
Symantec Gateway Security 1600 appliance   3.0
Symantec Gateway Security 5000 Series      3.0.1
Symantec Gateway Security 400 Series       All
Symantec Gateway Security 300 Series       All

ISSUES

An information leak has been discovered in the HTTP proxy of the Symantec Enterprise Firewall and Symantec Gateway Security products. In response to specific HTTP requests, the firewall may reveal internal addresses otherwise hidden by Network Address Translation (NAT).

MITIGATION

Symantec Response
Symantec has verified the issue and fixed the exposure in available product updates. Symantec recommends customers apply the latest updates for their supported product versions.

Product Updates are available from the Symantec web site:
http://www.symantec.com/techsupp/enterprise/select_product_updates.html

ACKNOWLEDGEMENTS

Symantec would like to thank Bernhard Mueller for reporting this issue to Symantec.

REVISION

Revision History
May 10, 2006 - Corrected bundle information