CVE-2002-1535

Name of the Vulnerable Software and Affected Versions Secure Webserver version 1.1 in Raptor 6.5 Secure Webserver in Symantec Enterprise Firewall 6.5.2

Description The issue allows remote attackers to identify IP addresses of hosts on the internal network. This is achieved via a CONNECT request, which generates different error messages depending on whether the host is present.

Recommendations For Secure Webserver version 1.1 in Raptor 6.5, consider restricting access to the CONNECT request method until a patch is available. For Secure Webserver in Symantec Enterprise Firewall 6.5.2, restrict access to the vulnerable CONNECT request method to minimize the risk of exploitation.