Symantec Enterprise Firewall NAT/HTTP Proxy internal IP leakage
1093
06 March 2020
10 May 2006
CLOSED
LOW
SUMMARY
An information leak has been discovered in the HTTP proxy of the Symantec Enterprise Firewall and Symantec Gateway Security products. In response to specific http requests, the firewall may reveal internal addresses otherwise hidden by Network Address Translation (NAT).
Severity
Very Low
Remote Access |
Yes |
Local Access |
No |
Authentication Required |
No |
Exploit publicly available |
No |
AFFECTED PRODUCTS
Product |
Version |
Solution |
Symantec Gateway Security 5000 Series |
2.0.1 |
Bundle E |
3.0 |
Bundle B |
|
Symantec Enterprise Firewall |
8.0 |
Bundle E |
ADDITIONAL PRODUCT INFORMATION
Products Not Affected
Product |
Version |
Symantec Gateway Security 1600 appliance |
3.0 |
Symantec Gateway Security 5000 Series |
3.0.1 |
Symantec Gateway Security 400 Series |
All |
Symantec Gateway Security 300 Series |
All |
ISSUES
An information leak has been discovered in the HTTP proxy of the Symantec Enterprise Firewall and Symantec Gateway Security products. In response to specific http requests, the firewall may reveal internal addresses otherwise hidden by Network Address Translation (NAT).
MITIGATION
Symantec Response
Symantec has verified the issue and fixed the exposure in available product updates. Symantec recommends customers apply the latest updates for their supported product versions.
Product Updates are available from the Symantec web site:
http://www.symantec.com/techsupp/enterprise/select_product_updates.html
ACKNOWLEDGEMENTS
Symantec would like to thank Bernhard Mueller for reporting this issue to Symantec
REVISION
Revision History
May 10, 2006 - Corrected bundle information