Vulnerabilities > Symantec > Enterprise Firewall

DATE CVE VULNERABILITY TITLE RISK
2007-08-18 CVE-2007-4422 Unspecified vulnerability in Symantec Enterprise Firewall 6
The login interface in Symantec Enterprise Firewall 6.x, when a VPN with pre-shared key (PSK) authentication is enabled, generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames.
network
symantec
critical
9.3
2006-05-12 CVE-2006-2341 Information Exposure vulnerability in Symantec Enterprise Firewall and Gateway Security
The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI.
network
low complexity
symantec CWE-200
5.0
2005-11-23 CVE-2005-3768 Denial-Of-Service vulnerability in Gateway Security 400
Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in Symantec Dynamic VPN Services, as used in Enterprise Firewall, Gateway Security, and Firewall /VPN Appliance products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.
network
low complexity
symantec
7.5
2005-05-02 CVE-2005-0817 Unspecified vulnerability in Symantec products
Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway Security 5400 2.x and 5300 1.x, Enterprise Firewall 7.0.x and 8.x, and VelociRaptor 1100/1200/1300 1.5, allows remote attackers to poison the DNS cache and redirect users to malicious sites.
network
low complexity
symantec
5.0
2005-03-01 CVE-2004-1029 Permissions, Privileges, and Access Controls vulnerability in multiple products
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.
network
hp sun symantec conectiva gentoo CWE-264
critical
9.3
2004-12-31 CVE-2004-0369 Remote IPsec/ISAKMP Buffer Overflow vulnerability in Entrust LibKMP ISAKMP Library
Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec Enterprise Firewall 7.0 through 8.0, Gateway Security 5300 1.0, Gateway Security 5400 2.0, and VelociRaptor 1.5, allows remote attackers to execute arbitrary code via a crafted ISAKMP payload.
network
low complexity
entrust symantec
7.5
2004-06-15 CVE-2004-1754 Unspecified vulnerability in Symantec Enterprise Firewall and Gateway Security
The DNS proxy (DNSd) for multiple Symantec Gateway Security products allows remote attackers to poison the DNS cache via a malicious DNS server query response that contains authoritative or additional records.
network
low complexity
symantec
5.0
2003-06-09 CVE-2002-1463 Unspecified vulnerability in Symantec products
Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor Models 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 generate easily predictable initial sequence numbers (ISN), which allows remote attackers to spoof connections.
network
low complexity
symantec
7.5
2003-04-02 CVE-2003-0106 Unspecified vulnerability in Symantec Enterprise Firewall 7.0
The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy users to bypass pattern matching for blocked URLs via requests that are URL-encoded with escapes, Unicode, or UTF-8.
network
low complexity
symantec
7.5
2003-03-31 CVE-2002-1535 Information Disclosure vulnerability in Symantec Enterprise Firewall and Raptor Firewall
Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall 6.5.2 allows remote attackers to identify IP addresses of hosts on the internal network via a CONNECT request, which generates different error messages if the host is present.
network
low complexity
symantec
5.0