Details of VAR-200303-0027

ID

VAR-200303-0027

CVE

CVE-2002-1535

TITLE

Symantec HTTP Agent information disclosure vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200303-098

DESCRIPTION

Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall 6.5.2 allows remote attackers to identify IP addresses of hosts on the internal network via a CONNECT request, which generates different error messages if the host is present. The "Simple, Secure Webserver" is a HTTP proxy included with Raptor Firewall, Symantec Enterprise Firewall, VelociRaptor and Symantec Gateway Security. An information disclosure vulnerability has been reported in this component. According to the report, it is possible for external hosts to identify responsive hosts on the network connected to the internal interface. Responsive and unresponsive hosts can be distinguished based on the response to a CONNECT request for a guessed internal IP address. This vulnerability can generate different error messages when the host is online

Trust: 1.26

sources: NVD: CVE-2002-1535 // BID: 5959 // VULHUB: VHN-5920

AFFECTED PRODUCTS

vendor:	symantec	model:	enterprise firewall	scope:	eq	version:	6.5.2	Trust: 1.6
vendor:	symantec	model:	raptor firewall	scope:	eq	version:	6.5	Trust: 1.6
vendor:	symantec	model:	raptor firewall	scope:	eq	version:	6.5.3	Trust: 1.6
vendor:	symantec	model:	raptor firewall solaris	scope:	eq	version:	6.5.3	Trust: 0.3
vendor:	symantec	model:	raptor firewall windows nt	scope:	eq	version:	6.5	Trust: 0.3
vendor:	symantec	model:	enterprise firewall nt/2000	scope:	eq	version:	6.5.2	Trust: 0.3

sources: BID: 5959 // CNNVD: CNNVD-200303-098 // NVD: CVE-2002-1535

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1535
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200303-098
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-5920
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2002-1535
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-5920
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-5920 // CNNVD: CNNVD-200303-098 // NVD: CVE-2002-1535

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1535

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200303-098

TYPE

Design Error

Trust: 0.9

sources: BID: 5959 // CNNVD: CNNVD-200303-098

EXTERNAL IDS

db:	BID	id:	5959	Trust: 2.0
db:	NVD	id:	CVE-2002-1535	Trust: 2.0
db:	CNNVD	id:	CNNVD-200303-098	Trust: 0.7
db:	XF	id:	10363	Trust: 0.6
db:	BUGTRAQ	id:	20021014 SYMANTEC ENTERPRISE FIREWALL SECURE WEBSERVER INFO LEAK	Trust: 0.6
db:	VULHUB	id:	VHN-5920	Trust: 0.1

sources: VULHUB: VHN-5920 // BID: 5959 // CNNVD: CNNVD-200303-098 // NVD: CVE-2002-1535

REFERENCES

url:	http://www.securityfocus.com/bid/5959	Trust: 1.7
url:	http://archives.neohapsis.com/archives/bugtraq/2002-10/0190.html	Trust: 1.7
url:	http://securityresponse.symantec.com/avcenter/security/content/2002.10.11a.html	Trust: 1.7
url:	http://www.iss.net/security_center/static/10363.php	Trust: 1.7

sources: VULHUB: VHN-5920 // CNNVD: CNNVD-200303-098 // NVD: CVE-2002-1535

CREDITS

Discovered by AI-SEC Security.

Trust: 0.9

sources: BID: 5959 // CNNVD: CNNVD-200303-098

SOURCES

db:	VULHUB	id:	VHN-5920
db:	BID	id:	5959
db:	CNNVD	id:	CNNVD-200303-098
db:	NVD	id:	CVE-2002-1535

LAST UPDATE DATE

2024-08-14T14:35:58.576000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-5920	date:	2008-09-05T00:00:00
db:	BID	id:	5959	date:	2009-07-11T18:06:00
db:	CNNVD	id:	CNNVD-200303-098	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2002-1535	date:	2008-09-05T20:30:51.407

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-5920	date:	2003-03-31T00:00:00
db:	BID	id:	5959	date:	2002-10-14T00:00:00
db:	CNNVD	id:	CNNVD-200303-098	date:	2003-03-31T00:00:00
db:	NVD	id:	CVE-2002-1535	date:	2003-03-31T05:00:00