This script is Copyright (C) 2003-2014 Tenable Network Security, Inc.
The HTTP proxy accepts gopher:// requests.
Gopher is an old network protocol which predates HTTP and is nearly
unused today. As a result, gopher-compatible software is generally
less audited and more likely to contain security bugs than others.
By making gopher requests, an attacker may evade your firewall settings,
by making connections to port 70, or may even exploit arcane flaws in
this protocol to gain more privileges on this host (see the attached CVE
id for such an example).
Reconfigure your proxy so that it refuses gopher requests.
Risk factor :
Nessus Plugin ID: 11305 ()
Bugtraq ID: 4930
CVE ID: CVE-2002-0371
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.