Microsoft Proxy 2.0 Internal Network Access Vulnerability
BID:1692
Info
Microsoft Proxy 2.0 Internal Network Access Vulnerability
| Bugtraq ID: | 1692 |
| Class: | Configuration Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Dec 17 1998 12:00AM |
| Updated: | Dec 17 1998 12:00AM |
| Credit: | Discovered by Mnemonix <[email protected]> on December 17, 1998. |
| Vulnerable: |
Microsoft Proxy Server 2.0 |
| Not Vulnerable: | |
Discussion
Microsoft Proxy 2.0 Internal Network Access Vulnerability
It is possible to connect to an internal network protected by MS Proxy Server 2.0 via port 80 from an external source, even if all incoming connections through port 80 are disabled.
This can be achieved by setting up a host on the same IP subnet as the external interface card and performing the following GET request:
GET http://target:port/HTTP/1.0<enter><enter>
It is possible to connect to an internal network protected by MS Proxy Server 2.0 via port 80 from an external source, even if all incoming connections through port 80 are disabled.
This can be achieved by setting up a host on the same IP subnet as the external interface card and performing the following GET request:
GET http://target:port/HTTP/1.0<enter><enter>
Exploit / POC
Microsoft Proxy 2.0 Internal Network Access Vulnerability
See discussion.
See discussion.
Solution / Fix
Microsoft Proxy 2.0 Internal Network Access Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
Microsoft Proxy 2.0 Internal Network Access Vulnerability
References:
References:
- MS Proxy 2.0 Vulnerability (Mnemonix)