WebWasher Classic HTTP CONNECT Unauthorized Access Weakness
BID:12394
Info
WebWasher Classic HTTP CONNECT Unauthorized Access Weakness
| Bugtraq ID: | 12394 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 28 2005 12:00AM |
| Updated: | Jan 28 2005 12:00AM |
| Credit: | Discovery is credited to Oliver Karow <[email protected]>. |
| Vulnerable: |
Webwasher Webwasher Classic 3.3 build 44 Webwasher Webwasher Classic 3.3 Webwasher Webwasher Classic 2.2.1 |
| Not Vulnerable: | |
Discussion
WebWasher Classic HTTP CONNECT Unauthorized Access Weakness
It is reported that WebWasher Classic is prone to a weakness that may allow remote attackers to connect to arbitrary ports on a vulnerable computer.
This weakness may be combined with other attacks to exploit latent vulnerabilities. An attacker can bypass access controls implemented by the application through this attack.
WebWasher Classic 3.3 and 2.2.1 are reported prone to this weakness. Other versions may be affected as well.
It is reported that WebWasher Classic is prone to a weakness that may allow remote attackers to connect to arbitrary ports on a vulnerable computer.
This weakness may be combined with other attacks to exploit latent vulnerabilities. An attacker can bypass access controls implemented by the application through this attack.
WebWasher Classic 3.3 and 2.2.1 are reported prone to this weakness. Other versions may be affected as well.
Exploit / POC
WebWasher Classic HTTP CONNECT Unauthorized Access Weakness
An exploit is not required.
The following proof of concept is available:
1) Start a netcat listener on the WebWasher system:
netcat -L -p 99 -s 127.0.0.1 < hallo.txt
2) Connect to the WebWasher proxy port (default 8080/tcp)
3) Enter command "CONNECT 127.0.0.1:99 HTTP/1.0"
As a result, content of hallo.txt will appear.
An exploit is not required.
The following proof of concept is available:
1) Start a netcat listener on the WebWasher system:
netcat -L -p 99 -s 127.0.0.1 < hallo.txt
2) Connect to the WebWasher proxy port (default 8080/tcp)
3) Enter command "CONNECT 127.0.0.1:99 HTTP/1.0"
As a result, content of hallo.txt will appear.
Solution / Fix
WebWasher Classic HTTP CONNECT Unauthorized Access Weakness
Solution:
The vendor has released Webwasher Classic version 3.4 to address this and other issues.
Webwasher Webwasher Classic 2.2.1
Webwasher Webwasher Classic 3.3
Webwasher Webwasher Classic 3.3 build 44
Solution:
The vendor has released Webwasher Classic version 3.4 to address this and other issues.
Webwasher Webwasher Classic 2.2.1
-
WebWasher wash34.exe
ftp://ftp.webwasher.com/pub/wwash/wash34.exe
Webwasher Webwasher Classic 3.3
-
WebWasher wash34.exe
ftp://ftp.webwasher.com/pub/wwash/wash34.exe
Webwasher Webwasher Classic 3.3 build 44
-
WebWasher wash34.exe
ftp://ftp.webwasher.com/pub/wwash/wash34.exe
References
WebWasher Classic HTTP CONNECT Unauthorized Access Weakness
References:
References:
- Webwasher Classic Product Homepage (Webwasher)
- WebWasher Classic - HTTP CONNECT weakness ("Oliver Karow"