Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.11305
Category:Firewalls
Title:Proxy accepts gopher:// requests
Summary:NOSUMMARY
Description:Description:

The proxy accepts gopher:// requests.

Gopher is an old network protocol which predates HTTP and
is nearly unused today. As a result, gopher-compatible
software is generally less audited and more likely to contain
security bugs than others.

By making gopher requests, an attacker may evade your firewall
settings, by making connections to port 70, or may even exploit
arcane flaws in this protocol to gain more privileges on this
host (see the attached CVE id for such an example).

Solution : reconfigure your proxy so that it refuses gopher requests.
Risk factor : Medium

Cross-Ref: BugTraq ID: 4930
Common Vulnerability Exposure (CVE) ID: CVE-2002-0371
http://www.securityfocus.com/bid/4930
Bugtraq: 20020604 Buffer overflow in MSIE gopher code (Google Search)
http://marc.info/?l=bugtraq&m=102320516707940&w=2
Bugtraq: 20020613 Flawed workaround in MS02-027 -- gopher can run on _any_ port, not just 70 (Google Search)
http://online.securityfocus.com/archive/1/276848
Bugtraq: 20020613 Microsoft releases critical fix that breaks their own software! (Google Search)
http://marc.info/?l=bugtraq&m=102397955217618&w=2
CERT/CC vulnerability note: VU#440275
http://www.kb.cert.org/vuls/id/440275
http://www.pivx.com/workaround_fail.html
Microsoft Security Bulletin: MS02-027
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-027
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A98
http://www.iss.net/security_center/static/9247.php
CopyrightThis script is Copyright (C) 2003 Renaud Deraison

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.