ID de Prueba:	1.3.6.1.4.1.25623.1.0.11305
Categoría:	Firewalls
Título:	Proxy accepts gopher:// requests
Resumen:	NOSUMMARY
Descripción:	Description: The proxy accepts gopher:// requests. Gopher is an old network protocol which predates HTTP and is nearly unused today. As a result, gopher-compatible software is generally less audited and more likely to contain security bugs than others. By making gopher requests, an attacker may evade your firewall settings, by making connections to port 70, or may even exploit arcane flaws in this protocol to gain more privileges on this host (see the attached CVE id for such an example). Solution : reconfigure your proxy so that it refuses gopher requests. Risk factor : Medium
Referencia Cruzada:	BugTraq ID: 4930 Common Vulnerability Exposure (CVE) ID: CVE-2002-0371 http://www.securityfocus.com/bid/4930 Bugtraq: 20020604 Buffer overflow in MSIE gopher code (Google Search) http://marc.info/?l=bugtraq&m=102320516707940&w=2 Bugtraq: 20020613 Flawed workaround in MS02-027 -- gopher can run on _any_ port, not just 70 (Google Search) http://online.securityfocus.com/archive/1/276848 Bugtraq: 20020613 Microsoft releases critical fix that breaks their own software! (Google Search) http://marc.info/?l=bugtraq&m=102397955217618&w=2 CERT/CC vulnerability note: VU#440275 http://www.kb.cert.org/vuls/id/440275 http://www.pivx.com/workaround_fail.html Microsoft Security Bulletin: MS02-027 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-027 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A98 http://www.iss.net/security_center/static/9247.php
Copyright	This script is Copyright (C) 2003 Renaud Deraison

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.