{"api_version":"1","generated_at":"2026-04-23T09:52:24+00:00","cve":"CVE-2006-0232","urls":{"html":"https://cve.report/CVE-2006-0232","api":"https://cve.report/api/cve/CVE-2006-0232.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-0232","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-0232"},"summary":{"title":"CVE-2006-0232","description":"Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests.","state":"PUBLISHED","assigner":"mitre","published_at":"2006-04-25 01:02:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0012.html","name":"http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0012.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Vendor Advisory"],"title":"","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://securityreason.com/securityalert/758","name":"http://securityreason.com/securityalert/758","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityReason","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/19734","name":"http://secunia.com/advisories/19734","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Symantec Scan Engine Multiple Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25974","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25974","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/431728/100/0/threaded","name":"http://www.securityfocus.com/archive/1/431728/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/431734/100/0/threaded","name":"http://www.securityfocus.com/archive/1/431734/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1015974","name":"http://securitytracker.com/id?1015974","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityTracker.com Archives - Symantec Scan Engine Lets Remote Users Access the System and Download Files","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/17637","name":"http://www.securityfocus.com/bid/17637","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Symantec AntiVirus Scan Engine Multiple Remote Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.vupen.com/english/advisories/2006/1464","name":"http://www.vupen.com/english/advisories/2006/1464","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail - OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.symantec.com/avcenter/security/Content/2006.04.21.html","name":"http://www.symantec.com/avcenter/security/Content/2006.04.21.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"404 Not Found","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://securityreason.com/securityalert/759","name":"http://securityreason.com/securityalert/759","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityReason","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-0232","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-0232","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"232","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"antivirus_scan_engine","cpe6":"5.0.0.24","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2006","cve_id":"232","cve":"CVE-2006-0232","epss":"0.008790000","percentile":"0.753730000","score_date":"2026-04-20","updated_at":"2026-04-21 00:07:48"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T16:25:34.018Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"17637","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/17637"},{"name":"20060421 Rapid7 Advisory R7-0023: Symantec Scan Engine File Disclosure Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/431728/100/0/threaded"},{"name":"19734","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/19734"},{"name":"20060421 [Symantec Security Advisor] Symantec Scan Engine Multiple Vulnerabilities","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/431734/100/0/threaded"},{"name":"sse-unauth-file-access(25974)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25974"},{"name":"758","tags":["third-party-advisory","x_refsource_SREASON","x_transferred"],"url":"http://securityreason.com/securityalert/758"},{"name":"759","tags":["third-party-advisory","x_refsource_SREASON","x_transferred"],"url":"http://securityreason.com/securityalert/759"},{"name":"20060421 Rapid7 Advisory R7-0023: Symantec Scan Engine File Disclosure Vulnerability","tags":["mailing-list","x_refsource_VULNWATCH","x_transferred"],"url":"http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0012.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.symantec.com/avcenter/security/Content/2006.04.21.html"},{"name":"ADV-2006-1464","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2006/1464"},{"name":"1015974","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1015974"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2006-04-21T00:00:00.000Z","descriptions":[{"lang":"en","value":"Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-19T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"17637","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/17637"},{"name":"20060421 Rapid7 Advisory R7-0023: Symantec Scan Engine File Disclosure Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/431728/100/0/threaded"},{"name":"19734","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/19734"},{"name":"20060421 [Symantec Security Advisor] Symantec Scan Engine Multiple Vulnerabilities","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/431734/100/0/threaded"},{"name":"sse-unauth-file-access(25974)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25974"},{"name":"758","tags":["third-party-advisory","x_refsource_SREASON"],"url":"http://securityreason.com/securityalert/758"},{"name":"759","tags":["third-party-advisory","x_refsource_SREASON"],"url":"http://securityreason.com/securityalert/759"},{"name":"20060421 Rapid7 Advisory R7-0023: Symantec Scan Engine File Disclosure Vulnerability","tags":["mailing-list","x_refsource_VULNWATCH"],"url":"http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0012.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.symantec.com/avcenter/security/Content/2006.04.21.html"},{"name":"ADV-2006-1464","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2006/1464"},{"name":"1015974","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1015974"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-0232","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"17637","refsource":"BID","url":"http://www.securityfocus.com/bid/17637"},{"name":"20060421 Rapid7 Advisory R7-0023: Symantec Scan Engine File Disclosure Vulnerability","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/431728/100/0/threaded"},{"name":"19734","refsource":"SECUNIA","url":"http://secunia.com/advisories/19734"},{"name":"20060421 [Symantec Security Advisor] Symantec Scan Engine Multiple Vulnerabilities","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/431734/100/0/threaded"},{"name":"sse-unauth-file-access(25974)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25974"},{"name":"758","refsource":"SREASON","url":"http://securityreason.com/securityalert/758"},{"name":"759","refsource":"SREASON","url":"http://securityreason.com/securityalert/759"},{"name":"20060421 Rapid7 Advisory R7-0023: Symantec Scan Engine File Disclosure Vulnerability","refsource":"VULNWATCH","url":"http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0012.html"},{"name":"http://www.symantec.com/avcenter/security/Content/2006.04.21.html","refsource":"CONFIRM","url":"http://www.symantec.com/avcenter/security/Content/2006.04.21.html"},{"name":"ADV-2006-1464","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/1464"},{"name":"1015974","refsource":"SECTRACK","url":"http://securitytracker.com/id?1015974"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2006-0232","datePublished":"2006-04-25T01:00:00.000Z","dateReserved":"2006-01-17T00:00:00.000Z","dateUpdated":"2024-08-07T16:25:34.018Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2006-04-25 01:02:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:symantec:antivirus_scan_engine:5.0.0.24:*:*:*:*:*:*:*","matchCriteriaId":"8AF68B64-10AA-49B6-944B-B89B13DD3F2A"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"232","Ordinal":"1","Title":"CVE-2006-0232","CVE":"CVE-2006-0232","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"232","Ordinal":"1","NoteData":"Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests.","Type":"Description","Title":"CVE-2006-0232"},{"CveYear":"2006","CveId":"232","Ordinal":"2","NoteData":"2006-04-24","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"232","Ordinal":"3","NoteData":"2018-10-19","Type":"Other","Title":"Modified"}]}}}