HTTP Proxy CONNECT Loop DoS

medium Nessus Plugin ID 17154

Synopsis

The remote proxy may be vulnerable to a denial of service.

Description

The proxy allows the users to perform repeated CONNECT requests to itself.

This allow anybody to saturate the proxy CPU, memory or file descriptors.

** Note that if the proxy limits the number of connections
** from a single IP (e.g. acl maxconn with Squid), it is
** protected against saturation and you may ignore this alert.

Solution

Reconfigure your proxy so that it refuses CONNECT requests to itself.

Plugin Details

Severity: Medium

ID: 17154

File Name: http_proxy_loop_connect.nasl

Version: Revision: 1.12

Type: remote

Family: Web Servers

Published: 2/20/2005

Updated: 1/25/2013

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

Required KB Items: Proxy/usage