This script is Copyright (C) 2005-2011 Tenable Network Security, Inc.
The remote service is vulnerable to an access control breach.
There is a flaw in the remote WebWasher Proxy. The Proxy, when issued
a CONNECT command for 127.0.0.1 (or localhost/loopback), will comply with
the request and initiate a connection to the local machine.
This bypasses any firewalling and gives access to local applications
that are bound only to the loopback interface.
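The destination check a forward proxy can apply to a CONNECT request line before opening the tunnel, as an added example that is not part of the Nessus plugin or of WebWasher. The function names, the loopback name list and the request lines in the test are assumptions; hostnames are not resolved here, so a deployed proxy must apply the same test to the address a hostname resolves to.

```python
import ipaddress

# Names treated as loopback (assumed list, based on the "localhost/loopback" wording above).
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "loopback"}


def parse_connect_target(request_line):
    """Return (host, port) from 'CONNECT host:port HTTP/1.x', or None if malformed."""
    parts = request_line.strip().split()
    if len(parts) != 3 or parts[0].upper() != "CONNECT":
        return None
    host, sep, port = parts[1].rpartition(":")
    if not sep or not host or not port.isdigit():
        return None
    # IPv6 literals are bracketed in the authority form, e.g. [::1]:443
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]
    # Normalise case and a trailing root dot ("LOCALHOST." -> "localhost").
    return host.lower().rstrip("."), int(port)


def is_loopback_target(host):
    """True if host names a loopback destination (all of 127.0.0.0/8, ::1, localhost)."""
    if host in LOOPBACK_NAMES or host.endswith(".localhost"):
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # not an IP literal; the resolved address must be checked separately
    # ::ffff:127.0.0.1 is the IPv4 loopback written as an IPv4-mapped IPv6 address.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return addr.is_loopback


def allow_connect(request_line):
    """Policy decision: refuse malformed requests and any loopback destination."""
    target = parse_connect_target(request_line)
    if target is None:
        return False
    return not is_loopback_target(target[0])
```
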
See also :
Upgrade to a version of WebWasher greater than 3.3.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true
Family: Web Servers
Nessus Plugin ID: 16277
Bugtraq ID: 12394
CVE ID: CVE-2005-0316