CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
92.6%
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests.
Vendor | Product | Version | CPE |
---|---|---|---|
symantec | antivirus_scan_engine | 5.0.0.24 | cpe:2.3:a:symantec:antivirus_scan_engine:5.0.0.24:*:*:*:*:*:*:* |
archives.neohapsis.com/archives/vulnwatch/2006-q2/0012.html
secunia.com/advisories/19734
securityreason.com/securityalert/758
securityreason.com/securityalert/759
securitytracker.com/id?1015974
www.securityfocus.com/archive/1/431728/100/0/threaded
www.securityfocus.com/archive/1/431734/100/0/threaded
www.securityfocus.com/bid/17637
www.symantec.com/avcenter/security/Content/2006.04.21.html
www.vupen.com/english/advisories/2006/1464
exchange.xforce.ibmcloud.com/vulnerabilities/25974