CProxy 3.3.x - 3.4.4 Multiple Vulnerabilities

high Nessus Plugin ID 17273

Synopsis

The remote HTTP proxy server is affected by multiple issues.

Description

The remote host is running a version of Computalynx's CProxy Server that suffers from the following vulnerabilities:

- Arbitrary Local File Access: CProxy allows an attacker to retrieve arbitrary local files by issuing an HTTP request with directory traversal sequences relative to a subdirectory under CProxy's cache/intracache directory. This may lead to the disclosure of sensitive information.

- Denial of Service Vulnerability: An attacker may crash the proxy while requesting arbitrary local files, either by requesting an executable file or by using a GET (as opposed to HEAD or POST) request.

Solution

Unknown at this time.

See Also

https://seclists.org/bugtraq/2005/Mar/68

Plugin Details

Severity: High

ID: 17273

File Name: cproxy_dir_traversal.nasl

Version: 1.13

Type: remote

Family: CGI abuses

Published: 3/5/2005

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Vulnerability Information

Required KB Items: Proxy/usage

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 3/3/2005

Reference Information

CVE: CVE-2005-0657

BID: 12722