CVE-2006-0232

high

Description

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/25974

http://www.vupen.com/english/advisories/2006/1464

http://www.symantec.com/avcenter/security/Content/2006.04.21.html

http://www.securityfocus.com/bid/17637

http://www.securityfocus.com/archive/1/431734/100/0/threaded

http://www.securityfocus.com/archive/1/431728/100/0/threaded

http://securitytracker.com/id?1015974

http://securityreason.com/securityalert/759

http://securityreason.com/securityalert/758

http://secunia.com/advisories/19734

Details

Source: Mitre, NVD

Published: 2006-04-25

Updated: 2018-10-19

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High