Description
The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec Gateway Security allow remote attackers to cause a denial of service (connection resource exhaustion) via multiple connection requests to domains whose DNS server is unresponsive or does not exist, which generates a long timeout.
Products
- Symantec Enterprise Firewall 6.5.2 for Windows 2000 NT
- Symantec Enterprise Firewall 7.0 for Solaris
- Symantec Enterprise Firewall 7.0 for Windows 2000 NT
- Symantec Raptor Firewall 6.5.3 for Solaris
- Symantec Raptor Firewall 6.5 for Windows NT
- Symantec Velociraptor 1000
- Symantec Velociraptor 1100
- Symantec Velociraptor 1200
- Symantec Velociraptor 1300
- Symantec Velociraptor 500
- Symantec Velociraptor 700
- Symantec Gateway Security 5110
- Symantec Gateway Security 5200
- Symantec Gateway Security 5300
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2002-0990, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2002-0990 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References