Rapid7 Vulnerability & Exploit Database

Symantec Scan Engine File Disclosure Vulnerability

Back to Search

Symantec Scan Engine File Disclosure Vulnerability

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
04/21/2006
Created
07/25/2018
Added
04/21/2006
Modified
02/13/2015

Description

There is a vulnerability in Symantec Scan Engine which allows unauthenticated remote users to download any file located under the Symantec Scan Engine installation directory. For instance the configuration file, the scanning logs, as well as the current virus definitions can all be accessed by any remote user using regular or specially crafted HTTP requests.

Solution(s)

  • symantec-scan-engine-upgrade-5_1

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;