Gateway Security Security Vulnerabilities and Issues — Gateway Security CVE List

Lucene search

SymantecGateway Security

8 matches found

CVE•added 2004/09/01 4:0 a.m.•103 views

CVE-2002-1463

Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor Models 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 generate easily predictable initial sequence numbers (ISN), which allows remote attackers to spoof connections.

7.5CVSS7.5AI score0.09679EPSS

CVE•added 2005/02/08 5:0 a.m.•50 views

CVE-2005-0249

Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header.

7.5CVSS8AI score0.10603EPSS

CVE•added 2003/04/02 5:0 a.m.•43 views

CVE-2002-0538

FTP proxy in Symantec Raptor Firewall 6.5.3 and Enterprise 7.0 rewrites an FTP server's "FTP PORT" responses in a way that allows remote attackers to redirect FTP data connections to arbitrary ports, a variant of the "FTP bounce" vulnerability.

7.5CVSS7.1AI score0.01336EPSS

CVE•added 2004/09/01 4:0 a.m.•41 views

CVE-2002-0990

The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec Gateway Security allow remote attackers to cause a denial of service (connection resource exhaustion) via multiple connection requests to domains whose DNS serv...

5CVSS7.2AI score0.00821EPSS

CVE•added 2006/09/06 12:4 a.m.•40 views

CVE-2006-4562

The proxy DNS service in Symantec Gateway Security (SGS) allows remote attackers to make arbitrary DNS queries to third-party DNS servers, while hiding the source IP address of the attacker. NOTE: another researcher has stated that the default configuration does not proxy DNS queries received on th...

5CVSS7.1AI score0.00484EPSS

CVE•added 2006/05/12 1:2 a.m.•38 views

CVE-2006-2341

The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI.

5CVSS6.7AI score0.08868EPSS

CVE•added 2005/02/13 5:0 a.m.•37 views

CVE-2004-1472

Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 allow remote attackers to cause a denial of service (device freeze) via a fast UDP port scan on the WAN interface.

5CVSS7.1AI score0.05678EPSS

CVE•added 2005/03/09 5:0 a.m.•35 views

CVE-2004-1754

The DNS proxy (DNSd) for multiple Symantec Gateway Security products allows remote attackers to poison the DNS cache via a malicious DNS server query response that contains authoritative or additional records.

5CVSS6.7AI score0.04443EPSS