This script is Copyright (C) 2005-2011 Tenable Network Security, Inc.
The remote service is vulnerable to an access control breach.
There is a flaw in the remote WebWasher Proxy. The Proxy, when issued
a CONNECT command for 127.0.0.1 (or localhost/loopback), will comply with
the request and initiate a connection to the local machine.
This bypasses any sort of firewalling as well as gives access to local
applications which are only bound to the loopback.
See also :
Upgrade to a version of WebWasher greater than 3.3.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true