VID 22258
Severity 40
Port 80
Protocol TCP
Class WWW
Detailed Description The Web server seems to allow any anonymous user to use it as a reverse proxy.
Generally, a "proxy" is used to protect your internal network, preventing internal users from accessing the external Internet directly. A "reverse proxy" is the name for certain alternate uses of a proxy server: it is placed outside the firewall to represent a secure content server to outside clients, preventing direct, unmonitored access to your server's data from outside. It can also be used to provide load balancing. It passes requests from external users to the actual content server. When the firewall or the appropriate access control is not in place (one that allows connections from the reverse proxy to the content servers exclusively, and not to any other internal resources), a malicious attacker can obtain information about internal services and potentially map them through this reverse proxy, and hence compromise them.

* References:
http://www.sans.org/rr/papers/65/302.pdf
http://developer.netscape.com/docs/manuals/proxy/adminux/revpxy.htm

* Platforms Affected:
Any Operating System Any version
Recommendation If you don't need the "reverse proxy", disable it on the affected web server.
If you need it, use a firewall that applies the appropriate access control, allowing connections from the reverse proxy to the content servers exclusively and not to any other internal resources. Additionally, an encrypted connection from a proxy server outside a firewall to a secure content server inside the firewall can be used, by using Secure Sockets Layer (SSL).
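The recommendation above in concrete form, as an added example that is not part of the original entry. It assumes the affected server is Apache httpd with mod_proxy (and mod_ssl for the encrypted upstream); the entry does not name the server software, and the host name and path are constructed placeholders. The first fragment is the weak configuration that lets any anonymous client proxy to arbitrary hosts; the second keeps only an explicit reverse-proxy mapping to one content server.

```apache
# --- Weak configuration (assumed Apache httpd + mod_proxy; constructed example) ---
# ProxyRequests On turns httpd into a forward proxy: any client that can reach
# port 80 may ask it to fetch arbitrary URLs, including internal hosts.
ProxyRequests On
<Proxy "*">
    Require all granted
</Proxy>

# --- Hardened configuration ---
# Forward proxying is disabled; only explicit ProxyPass mappings remain.
ProxyRequests Off

# Exactly one content server, on a fixed path. Targets that are not mapped
# here (other internal hosts, other ports) cannot be requested through httpd.
# The upstream uses https so the proxy-to-content-server hop is encrypted
# (SSL/TLS, as the recommendation suggests); SSLProxyEngine enables that.
SSLProxyEngine On
ProxyPass        "/app/" "https://content-server.example.internal/app/"
ProxyPassReverse "/app/" "https://content-server.example.internal/app/"

# Keep the default: the Host header sent upstream is the mapped backend's,
# so a client-supplied Host header cannot steer the request to another
# internal virtual host behind the same mapping.
ProxyPreserveHost Off
```

The `ProxyPass` mapping is what a reverse proxy should consist of; `ProxyRequests On` is only needed for a forward proxy and, combined with an open `<Proxy "*">` block, is precisely the open-proxy condition this check reports. The firewall rule the recommendation calls for is separate from this file: permit the proxy host to reach only the content server's service port, and nothing else on the internal network.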