Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests.
archives.neohapsis.com/archives/vulnwatch/2006-q2/0012.html
secunia.com/advisories/19734
securityreason.com/securityalert/758
securityreason.com/securityalert/759
securitytracker.com/id?1015974
www.securityfocus.com/archive/1/431728/100/0/threaded
www.securityfocus.com/archive/1/431734/100/0/threaded
www.securityfocus.com/bid/17637
www.symantec.com/avcenter/security/Content/2006.04.21.html
www.vupen.com/english/advisories/2006/1464
exchange.xforce.ibmcloud.com/vulnerabilities/25974