Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.WINPROXY_HTTP_61A.NASL
HistoryJan 10, 2006 - 12:00 a.m.

WinProxy < 6.1a HTTP Proxy Multiple Vulnerabilities

2006-01-1000:00:00
This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
www.tenable.com
30
JSON

The remote host is running WinProxy, a proxy server for Windows.

The installed version of WinProxy’s HTTP proxy fails to handle long requests as well as requests with long Host headers. An attacker may be able to exploit these issues to crash the proxy or even execute arbitrary code on the affected host.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description) {
  script_id(20391);
  script_version("1.19");

  script_cve_id("CVE-2005-3187", "CVE-2005-4085");
  script_bugtraq_id(16147, 16148);

  script_name(english:"WinProxy < 6.1a HTTP Proxy Multiple Vulnerabilities");
  script_summary(english:"Checks for multiple vulnerabilities in WinProxy < 6.1a HTTP Proxy");

 script_set_attribute(attribute:"synopsis", value:
"The remote web proxy server is affected by denial of service and
buffer overflow vulnerabilities." );
 script_set_attribute(attribute:"description", value:
"The remote host is running WinProxy, a proxy server for Windows. 

The installed version of WinProxy's HTTP proxy fails to handle long
requests as well as requests with long Host headers.  An attacker may
be able to exploit these issues to crash the proxy or even execute
arbitrary code on the affected host." );
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?40f07cd6" );
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3a6c81a5" );
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8c88612f" );
 script_set_attribute(attribute:"solution", value:
"Upgrade to WinProxy version 6.1a or later." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"metasploit_name", value:'Blue Coat WinProxy Host Header Overflow');
 script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
 script_set_attribute(attribute:"plugin_publication_date", value: "2006/01/10");
 script_set_attribute(attribute:"patch_publication_date", value: "2006/01/05");
 script_set_attribute(attribute:"vuln_publication_date", value: "2006/01/05");
 script_cvs_date("Date: 2018/08/06 14:03:14");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();

 
  script_category(ACT_DENIAL);
  script_family(english:"Firewalls");
  script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
  script_dependencies("find_service2.nasl", "httpver.nasl");
  script_require_ports("Services/www", 80);

  exit(0);
}


include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80, dont_break: 1);


# Make sure it looks like WinProxy.
help = get_kb_banner(port: port, type: "help");
if (help && "Proxy-agent: BlueCoat-WinProxy" >< help) {
  # Flag it as a proxy.
  register_service(port:port, ipproto:"tcp", proto:"http_proxy");

  # Try to exploit it.
  rq = http_mk_proxy_request(port: 80, item: "/", host: "127.0.0.1", method: "GET", scheme: "http", version: 10, add_headers: make_array("Host", crap(32800)));

  w = http_send_recv_req(port: port, req: rq);
  # If we didn't get anything, try resending the query.
  w = http_send_recv3(port: port, item:"/", method:"GET");

  # There's a problem if we didn't get a response the second time.
    if (isnull(w)) security_hole(port);
}

Related

nessus 1
exploitpack 2
checkpoint_advisories 1
packetstorm 1
securityvulns 2
seebug 3
cve 2
exploitdb 2
nessus
nessus
WinProxy < 6.1a Multiple Vulnerabilities (credentialed check)
2006-01-10 00:00:00
exploitpack
exploitpack
BlueCoat WinProxy 6.0 R1c - Host Remote Stack Overflow (SEH)
2006-01-07 00:00:00
BlueCoat WinProxy 6.0 R1c - GET Denial of Service
2006-01-07 00:00:00
checkpoint_advisories
checkpoint_advisories
Preemptive Protection against BlueCoat WinProxy Host Header Stack Overflow Vulnerability
2006-04-05 00:00:00
packetstorm
packetstorm
Blue Coat WinProxy Host Header Overflow
2009-11-26 00:00:00
securityvulns
securityvulns
iDefense Security Advisory 01.05.06: Blue Coat Systems WinProxy Host Header Stack Overflow Vulnerability
2006-01-07 00:00:00
iDefense Security Advisory 01.05.06: Blue Coat WinProxy Remote DoS Vulnerability
2006-01-07 00:00:00
seebug
seebug
BlueCoat WinProxy 6.0 R1c (Host) Remote Stack/SEH Overflow Exploit
2006-01-07 00:00:00
BlueCoat WinProxy &lt;= 6.0 R1c (GET Request) Denial of Service Exploit
2006-01-07 00:00:00
BlueCoat WinProxy <= 6.0 R1c (GET Request) Denial of Service Exploit
2014-07-01 00:00:00
cve
cve
CVE-2005-4085
2005-12-31 05:00:00
CVE-2005-3187
2005-12-31 05:00:00
exploitdb
exploitdb
BlueCoat WinProxy 6.0 R1c - &#039;Host&#039; Remote Stack Overflow (SEH)
2006-01-07 00:00:00
BlueCoat WinProxy 6.0 R1c - GET Denial of Service
2006-01-07 00:00:00
JSON
Related for WINPROXY_HTTP_61A.NASL
nessus1exploitpack2checkpoint_advisories1packetstorm1securityvulns2seebug3cve2exploitdb2