| VID |
22076 |
| Severity |
30 |
| Port |
8080, ... |
| Protocol |
TCP |
| Class |
Webproxy |
| Detailed Description |
The proxy allows users to send POST requests such as
POST http://target.com:21
without any Content-Length header. Such a request gives the person who makes it an interactive session.
This problem may allow attackers to go through your firewall by connecting to sensitive ports such as 21 (FTP) through your proxy, or it may allow internal users to bypass the firewall rules and connect to ports they should not be allowed to reach. In addition, your proxy may be used to perform attacks against other networks.
* References: http://cgi.nessus.org/plugins/dump.php3?id=10194 http://www.securityspace.com/smysecure/catid.html?id=10194 |
| Recommendation |
Reconfigure your proxy so that only users of the internal network can use it, and so that it cannot connect to dangerous ports (1-1024). |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
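The recommendation above expressed as a request-level policy check, as an added example that is not part of the original entry or of any scanner plugin. The function name, the internal range `10.0.0.0/8`, and the choice to keep ports 80 and 443 reachable (both fall inside 1-1024) are assumptions; the sample requests in `__main__` are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumption: internal client range
ALLOWED_LOW_PORTS = {80, 443}                       # assumption: web ports stay reachable
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}

def evaluate(client_ip, raw_request):
    """Return (allowed, reasons) for one request received by the proxy."""
    reasons = []
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split()
    if len(parts) < 2:
        return False, ["malformed request line"]
    method, target = parts[0].upper(), parts[1]
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    # Rule 1: only clients on the internal network may use the proxy.
    if ipaddress.ip_address(client_ip) not in INTERNAL_NET:
        reasons.append("client outside internal network")
    # Rule 2: no connections to ports 1-1024 (minus the assumed web ports).
    url = urlsplit(target)
    try:
        port = url.port or DEFAULT_PORTS.get(url.scheme.lower())
    except ValueError:  # port present but not a valid number
        port = None
    if port is None:
        reasons.append("cannot determine destination port")
    elif 1 <= port <= 1024 and port not in ALLOWED_LOW_PORTS:
        reasons.append(f"destination port {port} is in 1-1024")
    # Rule 3: a POST with no body framing is the pattern described above.
    chunked = "chunked" in headers.get("transfer-encoding", "").lower()
    if method == "POST" and "content-length" not in headers and not chunked:
        reasons.append("POST without Content-Length")
    return (not reasons), reasons

if __name__ == "__main__":
    samples = [  # constructed requests
        ("10.1.2.3", b"POST http://target.com:21 HTTP/1.0\r\n\r\n"),
        ("10.1.2.3", b"POST http://www.example.com/form HTTP/1.1\r\n"
                     b"Host: www.example.com\r\nContent-Length: 5\r\n\r\nhello"),
        ("203.0.113.9", b"GET http://www.example.com:8080/ HTTP/1.1\r\n\r\n"),
    ]
    for ip, req in samples:
        print(ip, req.split(b"\r\n", 1)[0].decode(), "->", evaluate(ip, req))
```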