1144 matches found
CVE-2003-0803
The CVE-2003-0803 entry concerns Nokia Electronic Documentation (NED) 5.0. The vulnerability allows a remote attacker to abuse NED as an open HTTP proxy by supplying a URL in the location parameter, which NED accesses and returns to the user. This describes a proxy abuse/chainable request issue a...
CURL-CVE-2003-1605 Proxy Authentication Header Information Leakage
When curl connected to a site via an HTTP proxy with the CONNECT request, the user and password used for the proxy connection were also sent off to the remote server...
Avirt Multiple Product HTTP Proxy Overflow (deprecated)
This plugin has been deprecated as it resulted in false positives without reliably detecting the vulnerability on the intended target. Avirt software is not currently being distributed or maintained. (C) Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2020/03/30. include("compat.inc");...
CVE-2002-0847
CVE-2002-0847 affects tinyproxy (versions up to 1.5.0, 1.4.3 and earlier) where improper handling of certain invalid proxy requests leads to a double-free of memory, enabling potential remote code execution. Multiple connected sources corroborate the doubly freed memory vulnerability in tinyproxy...
CVE-2003-0106
The CVE-2003-0106 entry concerns Symantec Enterprise Firewall (SEF) 7.0 HTTP proxy URL pattern matching that can be bypassed when requests are URL-encoded (escapes, Unicode, UTF-8). The issue allows proxy users to bypass blocked URL pattern matching, enabling access to URLs that should be blocked...
Corsaire Security Advisory - Symantec Enterprise Firewall (SEF) HTTP URL pattern evasion issue
-- Corsaire Security Advisory -- Title: Symantec Enterprise Firewall SEF HTTP URL pattern evasion issue Date: 24.02.03 Application: Symantec Enterprise Firewall SEF 7.0 Environment: Windows NT 4.0, Windows 2000, Author: Martin O'Neal Audience: General Distribution -- Sco...
HTTP Proxy Open gopher:// Request Relaying
Gopher is an old network protocol which predates HTTP and is nearly unused today. As a result, gopher-compatible software is generally less audited and more likely to contain security bugs than others. By making gopher requests, an attacker may evade your firewall settings, by making connections ...
CVE-2002-2405
Check Point FireWall-1 4.1 and Next Generation (NG), with UserAuth configured to proxy HTTP traffic only, allows remote attackers to pass unauthorized HTTPS, FTP and possibly other traffic through the firewall...
Proxy vulnerability in TrendMicro InterScan-VirusWall V3.6
Greetings! A quite well known i.e. ancient type of proxy vulnerability was found for TrendMicro's InterScan VirusWall V3.6 This general problem has been known to be an issue with plain HTTP proxies like the Squid for ages e.g...
acFreeProxy Cross-Site Scripting Vulnerability/Possible DoS
Product Information acFreeProxy aka "acfp" is an HTTP/1.x proxy for Microsoft Windows environments. It offers caching, and several other features, and has a plug-in format designed for extensibility. A flaw in the product may allow attackers to execute content across domains. Description The prox...
CVE-2002-1061
Multiple buffer overflows in Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) an HTTP GET request with a long major version number, (2) an HTTP GET request to the HTTP proxy on port 3128...
CVE-2002-0440
Trend Micro InterScan VirusWall HTTP proxy 3.6 with the "Skip scanning if Content-length equals 0" option enabled allows malicious web servers to bypass content scanning via a Content-length header set to 0, which is often ignored by HTTP clients...
CVE-2002-0663
Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet Firewall 3.0.4.91 and Norton Internet Security 2001 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large outgoing HTTP request...
SECURITY.NNOV: multiple vulnerabilities in JanaServer
Title: Multiple vulnerabilities in JanaServer Author: ZARAZA Date: July, 22 2002 Affected: JanaServer 2.2.1 and prior JanaServer 1.46 and prior Vendor: Thomas Hauck Risk: High critical if some services, for example HTTP, are available from public...
JanaServer multiple vulnerabilities
Title: Multiple vulnerabilities in JanaServer Author: ZARAZA Date: July, 22 2002 Affected: JanaServer 2.2.1 and prior JanaServer 1.46 and prior Vendor: Thomas Hauck Risk: High critical if some services, for example HTTP, are available from public interface Remote: yes Exploitable: yes Vendor...
CVE-2002-0440
CVE-2002-0440 affects Trend Micro InterScan VirusWall HTTP proxy 3.6. The issue arises when the product is configured with the "Skip scanning if Content-length equals 0" option enabled: a malicious HTTP server can bypass content scanning by sending a Content-length header of 0, which many HTTP cl...
Compaq Web-enabled Management Software HTTP Server Arbitrary Traffic Proxy
The remote Compaq Web Management Agent install can be used as an HTTP proxy. An attacker can use this to bypass firewall rules or hide the source of web-based attacks. Written by H D Moore. Changes by Tenable: - Revised plugin title, changed family (1/21/2009) include("compat.inc"); if(description)...
HTTP proxy default configurations allow arbitrary TCP connections
Overview Multiple vendors' HTTP proxy services use insecure default configurations that could allow an attacker to make arbitrary TCP connections to internal hosts or to external third-party hosts. Description HTTP proxy services commonly support the HTTP CONNECT method, which is designed to crea...
CVE-2002-0133
Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long header fields to the HTTP proxy, or (2) a long string to the telnet proxy...