WinProxy < 6.1a HTTP Proxy Multiple Vulnerabilities

Severity: High, Nessus Plugin ID 20391

Synopsis

The remote web proxy server is affected by denial of service and buffer overflow vulnerabilities.

Description

The remote host is running WinProxy, a proxy server for Windows.

The installed version of WinProxy's HTTP proxy does not properly handle long requests or requests with long Host headers. An attacker may be able to exploit these issues to crash the proxy or even execute arbitrary code on the affected host.

Solution

Upgrade to WinProxy version 6.1a or later.

See Also

http://www.nessus.org/u?40f07cd6

http://www.nessus.org/u?3a6c81a5

http://www.nessus.org/u?8c88612f

Plugin Details

Severity: High

ID: 20391

File Name: winproxy_http_61a.nasl

Version: 1.19

Type: remote

Family: Firewalls

Published: 1/10/2006

Updated: 8/6/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.0

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/5/2006

Vulnerability Publication Date: 1/5/2006

Exploitable With

Metasploit (Blue Coat WinProxy Host Header Overflow)

Reference Information

CVE: CVE-2005-3187, CVE-2005-4085

BID: 16147, 16148