1138 matches found
HTTP Proxy Open gopher:// Request Relaying
Gopher is an old network protocol which predates HTTP and is nearly unused today. As a result, gopher-compatible software is generally less audited and more likely to contain security bugs than others. By making gopher requests, an attacker may evade your firewall settings, by making connections ...
CVE-2002-2405
Check Point FireWall-1 4.1 and Next Generation NG, with UserAuth configured to proxy HTTP traffic only, allows remote attackers to pass unauthorized HTTPS, FTP and possibly other traffic through the firewall...
Proxy vulnerability in TrendMicro InterScan-VirusWall V3.6
Greetings! A quite well known i.e. ancient type of proxy vulnerability was found for TrendMicro's InterScan VirusWall V3.6 This general problem has been known to be an issue with plain HTTP proxies like the Squid for ages e.g...
acFreeProxy Cross-Site Scripting Vulnerability/Possible DoS
Product Information: acFreeProxy aka "acfp" is an HTTP/1.x proxy for Microsoft Windows environments. It offers caching, and several other features, and has a plug-in format designed for extensibility. A flaw in the product may allow attackers to execute content across domains. Description: The prox...
CVE-2002-1061
Multiple buffer overflows in Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) an HTTP GET request with a long major version number, (2) an HTTP GET request to the HTTP proxy on port 3128...
CVE-2002-0440
Trend Micro InterScan VirusWall HTTP proxy 3.6 with the "Skip scanning if Content-length equals 0" option enabled allows malicious web servers to bypass content scanning via a Content-length header set to 0, which is often ignored by HTTP clients...
CVE-2002-0663
Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet Firewall 3.0.4.91 and Norton Internet Security 2001 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large outgoing HTTP request...
SECURITY.NNOV: multiple vulnerabilities in JanaServer
Title: Multiple vulnerabilities in JanaServer Author: ZARAZA Date: July, 22 2002 Affected: JanaServer 2.2.1 and prior JanaServer 1.46 and prior Vendor: Thomas Hauck Risk: High critical if some services, for example HTTP, are available from public...
JanaServer multiple vulnerabilities
Title: Multiple vulnerabilities in JanaServer Author: ZARAZA Date: July, 22 2002 Affected: JanaServer 2.2.1 and prior JanaServer 1.46 and prior Vendor: Thomas Hauck Risk: High critical if some services, for example HTTP, are available from public interface Remote: yes Exploitable: yes Vendor...
CVE-2002-0440
CVE-2002-0440 affects Trend Micro InterScan VirusWall HTTP proxy 3.6. The issue arises when the product is configured with the "Skip scanning if Content-length equals 0" option enabled: a malicious HTTP server can bypass content scanning by sending a Content-length header of 0, which many HTTP cl...
Compaq Web-enabled Management Software HTTP Server Arbitrary Traffic Proxy
The remote Compaq Web Management Agent install can be used as an HTTP proxy. An attacker can use this to bypass firewall rules or hide the source of web-based attacks. Written by H D Moore. Changes by Tenable: - Revised plugin title, changed family (1/21/2009) include("compat.inc"); if(description)...
HTTP proxy default configurations allow arbitrary TCP connections
Overview: Multiple vendors' HTTP proxy services use insecure default configurations that could allow an attacker to make arbitrary TCP connections to internal hosts or to external third-party hosts. Description: HTTP proxy services commonly support the HTTP CONNECT method, which is designed to crea...
CVE-2002-0133
Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long header fields to the HTTP proxy, or (2) a long string to the telnet proxy...
VirusWall HTTP proxy content scanning circumvention
FOR PUBLIC RELEASE Inside Security GmbH Vulnerability Notification Revision 0.3 2002-03-10 The latest...
Trend Micro Interscan VirusWall 3.53.6 - Content-Length Scan Bypass
// source: https://www.securityfocus.com/bid/4265/info Trend Micro InterScan VirusWall is a high performance internet gateway virus scanning package. It is capable of scanning incoming content over HTTP, SMTP and FTP for viruses...
CVE-2002-0058
Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and earlier, (2) Microsoft VM...
Java HTTP proxy vulnerability
Java HTTP proxy vulnerability. Reference: wal-01. Version: 1.0. Date: March 05, 2002. Cross references: Sun Security Bulletin 00216, Microsoft Security Bulletin MS02-013. Vulnerability identifier: CAN-2002-0058 under review...
Avirt Proxy Buffer Overflow Vulnerabilities
Strumpf Noir Society Advisories. Public release. Avirt Proxy Buffer Overflow Vulnerabilities. Release date: Thursday, January 17, 2002. Introduction: The Utah, USA-based company Avirt specializes in the development of inter-networking and sharing technologies. As such, it maintains the...
SapporoWorks Black JumboDog 2.6.4/2.6.5 - HTTP Proxy Buffer Overflow
// source: https://www.securityfocus.com/bid/3858/info Black JumboDog 2.6.4 and 2.6.5 HTTP proxy is vulnerable to an exploitable buffer overflow. The buffer overflow can be exploited by sending excessively long "expires", "if-modified-since", and "LastModified" strings containing executable code....