6.9 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.048 Low
EPSS
Percentile
92.5%
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests.
CPE | Name | Operator | Version |
---|---|---|---|
antivirus_scan_engine | eq | 5.0.0.24 |
archives.neohapsis.com/archives/vulnwatch/2006-q2/0012.html
secunia.com/advisories/19734
securityreason.com/securityalert/758
securityreason.com/securityalert/759
securitytracker.com/id?1015974
www.securityfocus.com/archive/1/431728/100/0/threaded
www.securityfocus.com/archive/1/431734/100/0/threaded
www.securityfocus.com/bid/17637
www.symantec.com/avcenter/security/Content/2006.04.21.html
www.vupen.com/english/advisories/2006/1464
exchange.xforce.ibmcloud.com/vulnerabilities/25974