Symantec Enterprise Firewall Secure Webserver Information Leak
15 Oct. 2002
Summary
A problem exists in "Simple, secure webserver 1.1", which ships with Raptor Firewall 6.5 (among others), that lets an attacker map out the entire topology of a client from the outside.
The problem is in Simple, secure webserver 1.1, which ships with Raptor Firewall 6.5 (among others). An attacker can connect to the proxy server from the outside and issue a CONNECT to IP addresses on the inside interface, then determine whether hosts are present by inspecting the error message. This lets an attacker map out the entire topology of a client from the outside.
Symantec has addressed this issue as a collateral problem in an earlier security update for the Symantec Enterprise Firewall. A fully patched, up-to-date Symantec Enterprise Firewall is not vulnerable to this concern.
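For administrators who want to check whether the CONNECT behaviour described above has been exercised against their proxy, the following is an added detection example, not code from the advisory or from Symantec. The log format, the sample lines, the internal address ranges and the function names are assumptions made for illustration; adapt the parsing to the actual proxy log.

```python
import ipaddress
from collections import defaultdict

# Assumption: address ranges that sit behind the firewall's inside interface.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in a hypothetical format:
#   <time> <client> <method> <target> <status>
# The status values are placeholders, not the product's real responses.
SAMPLE_LOG = """\
2002-10-15T10:00:01 203.0.113.7 CONNECT 192.168.1.1:80 502
2002-10-15T10:00:02 203.0.113.7 CONNECT 192.168.1.2:80 504
2002-10-15T10:00:03 203.0.113.7 CONNECT 192.168.1.3:80 502
2002-10-15T10:00:04 192.168.1.50 CONNECT www.example.com:443 200
2002-10-15T10:00:05 198.51.100.9 GET http://www.example.com/ 200
2002-10-15T10:00:06 198.51.100.9 CONNECT 10.0.0.5:443 504
malformed line
"""

def is_internal(host):
    """True if host is a literal IP address inside INTERNAL_NETS."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # hostname or garbage, not a literal address
    return any(addr in net for net in INTERNAL_NETS)

def find_internal_probes(log_text, min_targets=3):
    """Map each outside client to the inside addresses it sent CONNECT to.

    Only clients that touched at least min_targets distinct inside
    addresses are returned, which separates a sweep from a stray request.
    """
    targets = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "CONNECT":
            continue  # skip malformed lines and other methods
        client, target = parts[1], parts[3]
        host = target.rsplit(":", 1)[0]  # drop the port
        if not is_internal(client) and is_internal(host):
            targets[client].add(host)
    return {c: sorted(t) for c, t in targets.items() if len(t) >= min_targets}

if __name__ == "__main__":
    for client, hosts in find_internal_probes(SAMPLE_LOG).items():
        print(f"{client} probed {len(hosts)} inside addresses: {hosts}")
```

Any hit from an outside client is worth reviewing, since the proxy should not accept CONNECT requests for inside addresses from the outside at all; lowering min_targets to 1 lists every such request.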
Vendor status:
Symantec was contacted on 27 August 2002. Symantec promptly tested and confirmed AI-SEC Security's findings. However, Symantec claims that this issue was fixed in a patch released in late summer 2002.