HTTP Proxy Open gopher:// Request Relaying

Info Nessus Plugin ID 11305


The HTTP proxy accepts gopher:// requests.


Gopher is an old network protocol which predates HTTP and is nearly unused today. As a result, gopher-compatible software is generally less audited and more likely to contain security bugs than others.

By making gopher requests, an attacker may evade your firewall settings, by making connections to port 70, or may even exploit arcane flaws in this protocol to gain more privileges on this host (see the attached CVE id for such an example).


Reconfigure your proxy so that it refuses gopher requests.

Plugin Details

Severity: Info

ID: 11305

File Name: proxy_gopher.nasl

Version: $Revision: 1.22 $

Type: remote

Family: Firewalls

Published: 2003/03/02

Modified: 2014/05/09

Dependencies: 10195, 17975

Risk Information

Risk Factor: Info

Vulnerability Information

Required KB Items: Proxy/usage

Reference Information

CVE: CVE-2002-0371

BID: 4930

OSVDB: 3004