Lucene search

[email protected]CVE-2006-4562

HistorySep 06, 2006 - 12:04 a.m.

CVE-2006-4562

2006-09-0600:04:00

[email protected]

web.nvd.nist.gov

cve-2006-4562

symantec gateway security

sgs

proxy dns

remote attackers

dns queries

ip address

vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.3%

JSON

The proxy DNS service in Symantec Gateway Security (SGS) allows remote attackers to make arbitrary DNS queries to third-party DNS servers, while hiding the source IP address of the attacker. NOTE: another researcher has stated that the default configuration does not proxy DNS queries received on the external interface

Affected configurations

NVD

Node

symantecgateway_securityMatch1.0

symantecgateway_securityMatch320

symantecgateway_securityMatch360

symantecgateway_securityMatch360r

symantecgateway_securityMatch5000_series_2.0.1

symantecgateway_securityMatch5000_series_3.0

symantecgateway_securityMatch5110

symantecgateway_securityMatch5110_1.0

symantecgateway_securityMatch5200

symantecgateway_securityMatch5200_1.0

symantecgateway_securityMatch5300

symantecgateway_securityMatch5300_1.0

symantecgateway_securityMatch5310_1.0

symantecgateway_securityMatch5400_2.0

symantecgateway_securityMatch5400_2.0.1

CPENameOperatorVersion
symantec:gateway_securitysymantec gateway securityeq1.0
symantec:gateway_securitysymantec gateway securityeq320
symantec:gateway_securitysymantec gateway securityeq360
symantec:gateway_securitysymantec gateway securityeq360r
symantec:gateway_securitysymantec gateway securityeq5000_series_2.0.1
symantec:gateway_securitysymantec gateway securityeq5000_series_3.0
symantec:gateway_securitysymantec gateway securityeq5110
symantec:gateway_securitysymantec gateway securityeq5110_1.0
symantec:gateway_securitysymantec gateway securityeq5200
symantec:gateway_securitysymantec gateway securityeq5200_1.0

CPE	Name	Operator	Version
symantec:gateway_security	symantec gateway security	eq	1.0
symantec:gateway_security	symantec gateway security	eq	320
symantec:gateway_security	symantec gateway security	eq	360
symantec:gateway_security	symantec gateway security	eq	360r
symantec:gateway_security	symantec gateway security	eq	5000_series_2.0.1
symantec:gateway_security	symantec gateway security	eq	5000_series_3.0
symantec:gateway_security	symantec gateway security	eq	5110
symantec:gateway_security	symantec gateway security	eq	5110_1.0
symantec:gateway_security	symantec gateway security	eq	5200
symantec:gateway_security	symantec gateway security	eq	5200_1.0

Rows per page:

1-10 of 151

References

www.securityfocus.com/archive/1/444114/100/100/threaded

www.securityfocus.com/archive/1/444134/100/100/threaded

www.securityfocus.com/archive/1/444135/100/100/threaded

www.securityfocus.com/archive/1/444330/100/0/threaded

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.3%

JSON

Related for CVE-2006-4562

nvd1 cvelist1