Unrated severityNVD Advisory· Published May 12, 2006· Updated Apr 16, 2026

CVE-2006-2341

Description

The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI.

Affected products

Symantec/Enterprise Firewall
cpe:2.3:a:symantec:enterprise_firewall:8.0:*:*:*:*:*:*:*
Symantec/Gateway Security4 versions
cpe:2.3:a:symantec:gateway_security:2.0.1:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:symantec:gateway_security:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:gateway_security:3.0:*:*:*:*:*:*:*
- cpe:2.3:h:symantec:gateway_security:5000_series_2.0.1:*:*:*:*:*:*:*
- cpe:2.3:h:symantec:gateway_security:5000_series_3.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/20082nvdPatchVendor Advisory
securityresponse.symantec.com/avcenter/security/Content/2006.05.10.htmlnvdPatchVendor Advisory
securitytracker.com/idnvdPatch
securitytracker.com/idnvdPatch
www.securityfocus.com/bid/17936nvdExploit
www.vupen.com/english/advisories/2006/1764nvdVendor Advisory
www.securityfocus.com/archive/1/433876/30/5040/threadednvd
exchange.xforce.ibmcloud.com/vulnerabilities/26370nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.008
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000