Glype proxy local address filter bypass

2014-09-29T00:00:00
ID SECURITYVULNS:DOC:31121
Type securityvulns
Reporter Securityvulns
Modified 2014-09-29T00:00:00

Description


Glype proxy local address filter bypass

Securify, September 2014


Abstract

A vulnerability has been identified in the Glype web-based proxy. Glype has a filter to disallow users from surfing to local addresses, to prevents users from attacking the local server/network Glype is running on. The filter can easily be bypassed by using IPs in decimal form.


Affected versions

This issue has been identified in Glype 1.4.9. Older version are most likely affected as well.


Fix

Glype was informed and a fixed version (1.4.10) is now available at www.glype.com


Details

http://www.securify.nl/advisory/SFY20140902/glype_proxy_local_address_filter_bypass.html