WebWasher Classic Server Mode Arbitrary Proxy CONNECT Request

2005-01-28T12:35:55
ID OSVDB:13234
Type osvdb
Reporter Oliver Karow (Oliver.karow@gmx.de)
Modified 2005-01-28T12:35:55

Description

Vulnerability Description

WebWasher Classic contains a flaw that may allow a malicious user to remotely connect to TCP ports listening on 127.0.0.1 of the WebWasher system. WebWasher Classic supports two modes: 1) client mode (local mode, bound to 127.0.0.1); 2) server mode (network proxy, bound to 0.0.0.0). The issue is triggered when WebWasher is running in server mode: the proxy accepts a CONNECT request that names 127.0.0.1 as its destination and opens the connection from the WebWasher host itself. The flaw may allow an attacker to bypass security controls protecting the WebWasher system, resulting in a loss of integrity.

Technical Description

This vulnerability is verified on the Windows version. MacOS and Linux versions have not been tested.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

1) Start a netcat listener on the WebWasher system: netcat -L -p 99 -s 127.0.0.1 < test.txt
2) Connect to the WebWasher proxy port (default 8080/tcp)
3) Enter command "CONNECT 127.0.0.1:99 HTTP/1.0"

As a result, the content of test.txt will appear.
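The destination check that this behaviour shows to be missing, as an added example (not WebWasher code and not from the advisory): a proxy's CONNECT handler parses the request line and refuses any target that is, or resolves to, a loopback, unspecified or link-local address. The function names and the injectable `resolve` parameter are assumptions made for the illustration.

```python
import ipaddress
import socket


def parse_connect(request_line):
    """Parse 'CONNECT host:port HTTP/1.x'; return (host, port) or None."""
    parts = request_line.strip().split()
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/"):
        return None
    host, sep, port = parts[1].rpartition(":")
    if not sep or not host or not (port.isascii() and port.isdigit()):
        return None
    if not 0 < int(port) <= 65535:
        return None
    return host.strip("[]"), int(port)  # brackets wrap IPv6 literals


def is_local(addr):
    """True for loopback, unspecified (0.0.0.0, ::) and link-local addresses."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    mapped = getattr(ip, "ipv4_mapped", None)      # ::ffff:127.0.0.1 form
    if mapped is not None:
        ip = mapped
    return ip.is_loopback or ip.is_unspecified or ip.is_link_local


def system_resolve(host):
    """Default resolver: every address the name maps to."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})


def vet_connect(request_line, resolve=system_resolve):
    """Return (ip, port) the proxy may dial, or None to refuse the tunnel."""
    target = parse_connect(request_line)
    if target is None:
        return None
    host, port = target
    try:
        addrs = [str(ipaddress.ip_address(host))]  # literal: no DNS lookup
    except ValueError:
        try:
            addrs = resolve(host)
        except OSError:
            return None
    # Refuse if ANY answer is local, then dial the vetted IP rather than the
    # name, so a second lookup cannot return a different address.
    if not addrs or any(is_local(a) for a in addrs):
        return None
    return addrs[0], port
```

The caller should open the tunnel to the returned IP address, not to the host name from the request.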

References:

Vendor URL: http://www.webwasher.com
Security Tracker: 1013036
Secunia Advisory ID: 14058
Other Advisory URL: http://www.oliverkarow.de/research/WebWasherCONNECT.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-01/0315.html
CVE-2005-0316