Firewalls : Proxy accepts CONNECT requests

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.10192

Category: Firewalls

Title: Proxy accepts CONNECT requests

Summary: NOSUMMARY

Description: Description:
The proxy allows the users to perform
CONNECT requests like
CONNECT http://cvs.nessus.org:23

This request give to the person who make it the ability
to have an interactive session.

This problem may allow attackers to go through your
firewall, by connecting to sensitive ports like 23 (telnet)
using your proxy, or it can allow internal users to bypass the firewall
rules and connect to ports they should not be allowed to.

In addition to that, your proxy may be used to perform attacks against
other networks.

Solution: reconfigure your proxy so that it refuses CONNECT requests.

Risk factor : High

Copyright This script is Copyright (C) 1999 Renaud Deraison

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.10192
Category:	Firewalls
Title:	Proxy accepts CONNECT requests
Summary:	NOSUMMARY
Description:	Description: The proxy allows the users to perform CONNECT requests like CONNECT http://cvs.nessus.org:23 This request give to the person who make it the ability to have an interactive session. This problem may allow attackers to go through your firewall, by connecting to sensitive ports like 23 (telnet) using your proxy, or it can allow internal users to bypass the firewall rules and connect to ports they should not be allowed to. In addition to that, your proxy may be used to perform attacks against other networks. Solution: reconfigure your proxy so that it refuses CONNECT requests. Risk factor : High
Copyright	This script is Copyright (C) 1999 Renaud Deraison