Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.10194
Category:Firewalls
Title:Proxy accepts POST requests
Summary:NOSUMMARY
Description:Description:
The proxy allows the users to perform
POST requests like
POST http://cvs.nessus.org:21

Without any Content-length tag.
This request may give an attacker the ability
to have an interactive session.

This problem may allow attackers to go through your
firewall, by connecting to sensitive ports like 23 (telnet)
using your proxy, or it can allow internal users to bypass the firewall
rules and connect to ports they should not be allowed to.

In addition to that, your proxy may be used to perform attacks against
other networks.

Solution: reconfigure your proxy so that only the users of the internal
network can use it, and so that it can not connect to dangerous
ports (1-1024).

Risk factor : High

CopyrightThis script is Copyright (C) 1999 Renaud Deraison

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.