Initial Publication Date: Advisory Status: Advisory Severity: Legacy ID
13 Oct 2002 Closed Medium
Advanced IT-Security, a Scandinavian security consultancy, notified Symantec of a denial-of-service (D0S) issue they had discovered with the web proxy component in the Symantec Enterprise Firewall. A malicious user who is able to establish a remote connection to the proxy server could, by requesting multiple connections to a non-existent or erroneous internal URL, cause the proxy server to timeout for an extended period of time. While timed out, the server fails to process any subsequent connection requests
Symantec tested and verified the problem discovered by Advanced IT-Security. This issue has been addressed in the security hotfix bundle currently available for download through the Symantec Enterprise Support Web site.
The following hotfix bundles are applicable for the affected product and version to address this issue:
As a best practice, Symantec recommends keeping all operating systems and applications updated with the latest vendor patches. Keeping mission-critical systems updated with all security patches applied reduces risk exposure.
Symantec takes the security and proper functionality of our products very seriously. Symantec appreciates the assistance of Tommy Mikalsen from Advanced IT-Security in identifying this area of concern so we could quickly address it
This is machine translated content
Login to Subscribe
Please login to set up your
Would you like to be subscribed to future notifications for this article?
For security reasons, your link to this document has expired. Please click on the attachment link to access this file.
The attachment that you are looking for no longer exists.
There has been an issue retrieving your attachment. Please try again.
Currently server is down.
Didn't find the article you were looking for? Try these resources.