Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Title:Proxy accepts gopher:// requests

The proxy accepts gopher:// requests.

Gopher is an old network protocol which predates HTTP and
is nearly unused today. As a result, gopher-compatible
software is generally less audited and more likely to contain
security bugs than others.

By making gopher requests, an attacker may evade your firewall
settings, by making connections to port 70, or may even exploit
arcane flaws in this protocol to gain more privileges on this
host (see the attached CVE id for such an example).

Solution : reconfigure your proxy so that it refuses gopher requests.
Risk factor : Medium

Cross-Ref: BugTraq ID: 4930
Common Vulnerability Exposure (CVE) ID: CVE-2002-0371
Bugtraq: 20020604 Buffer overflow in MSIE gopher code (Google Search)
Bugtraq: 20020613 Flawed workaround in MS02-027 -- gopher can run on _any_ port, not just 70 (Google Search)
Bugtraq: 20020613 Microsoft releases critical fix that breaks their own software! (Google Search)
CERT/CC vulnerability note: VU#440275
Microsoft Security Bulletin: MS02-027
CopyrightThis script is Copyright (C) 2003 Renaud Deraison

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.