Symantec Enterprise Firewall HTTP proxy internal IP disclosure

symantec-firewall-proxy-ip-disclosure (26370) The risk level is classified as LowLow Risk


Symantec Enterprise Firewall and Symantec Gateway Security could allow a remote attacker to obtain sensitive information, caused by an information leak in the HTTP proxy. A remote attacker could send a specially-crafted HTTP request to a vulnerable device to cause internal IP addresses to be returned. An attacker could use this information to launch further attacks against systems protected by an affected device.


Obtain Information


Refer to Symantec Security Advisory SYM06-009 for upgrade information. See References.


  • Symantec Security Advisory SYM06-009 : Symantec Enterprise Firewall NAT/HTTP Proxy internal IP leakage.
  • BID-17936: Symantec Enterprise Firewall / Gateway Security HTTP Proxy Internal IP Leakage Weakness
  • CVE-2006-2341: The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI.
  • OSVDB ID: 25503: Symantec Firewall Products Crafted HTTP Request Internal IP Disclosure
  • SA20082: Symantec Firewall Products Internal IP Addresses Disclosure
  • SECTRACK ID: 1016057: Symantec Enterprise Firewall HTTP Proxy May Disclose Internal NAT Addresses
  • SECTRACK ID: 1016058: Symantec Gateway Security HTTP Proxy May Disclose Internal NAT Addresses

Platforms Affected:

  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2003 Server Standard
  • Sun Solaris 8
  • Sun Solaris 9
  • Symantec Enterprise Firewall 8.0
  • Symantec Gateway Security 5000 2.0.1
  • Symantec Gateway Security 5000 3.0


May 10, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page