CVE-2006-5725

Name of the Vulnerable Software and Affected Versions: AEP Smartgate version 4.3b

Description: The issue allows remote attackers to determine the existence of directories via a direct request for a directory URI. This is possible because the SSL server returns different HTTP status codes for existing and non-existing directories.

Recommendations: For AEP Smartgate version 4.3b, consider restricting access to directory URIs to minimize the risk of exploitation. As a temporary workaround, limit the information disclosed by the HTTP status codes returned by the SSL server. At the moment, there is no information about a newer version that contains a fix for this vulnerability.