PT-2003-1268 · Raptor+1 · Raptor+2

Published

2003-03-18

Updated

2008-09-05

CVE-2002-1535

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Secure Webserver version 1.1 in Raptor 6.5 Secure Webserver in Symantec Enterprise Firewall 6.5.2

Description The issue allows remote attackers to identify IP addresses of hosts on the internal network. This is achieved via a CONNECT request, which generates different error messages depending on whether the host is present.

Recommendations For Secure Webserver version 1.1 in Raptor 6.5, consider restricting access to the CONNECT request method until a patch is available. For Secure Webserver in Symantec Enterprise Firewall 6.5.2, restrict access to the vulnerable CONNECT request method to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-1535

Affected Products

Raptor

Secure Webserver

Symantec Enterprise Firewall

PT-2003-1268 · Raptor+1 · Raptor+2

CVE-2002-1535

Related Identifiers

Affected Products

References · 6