WinProxy < 6.1a HTTP Proxy Multiple Vulnerabilities

This script is Copyright (C) 2006-2011 Tenable Network Security, Inc.


Synopsis :

The remote web proxy server is affected by denial of service and
buffer overflow vulnerabilities.

Description :

The remote host is running WinProxy, a proxy server for Windows.

The installed version of WinProxy's HTTP proxy fails to handle long
requests as well as requests with long Host headers. An attacker may
be able to exploit these issues to crash the proxy or even execute
arbitrary code on the affected host.

See also :

http://www.nessus.org/u?40f07cd6
http://www.nessus.org/u?3a6c81a5
http://www.nessus.org/u?8c88612f

Solution :

Upgrade to WinProxy version 6.1a or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Firewalls

Nessus Plugin ID: 20391

Bugtraq ID: 16147, 16148

CVE ID: CVE-2005-3187, CVE-2005-4085