WinProxy < 6.1a HTTP Proxy Multiple Vulnerabilities

High Nessus Plugin ID 20391


The remote web proxy server is affected by denial of service and buffer overflow vulnerabilities.


The remote host is running WinProxy, a proxy server for Windows.

The installed version of WinProxy's HTTP proxy fails to handle long requests as well as requests with long Host headers. An attacker may be able to exploit these issues to crash the proxy or even execute arbitrary code on the affected host.


Upgrade to WinProxy version 6.1a or later.

See Also

Plugin Details

Severity: High

ID: 20391

File Name: winproxy_http_61a.nasl

Version: $Revision: 1.18 $

Type: remote

Family: Firewalls

Published: 2006/01/10

Modified: 2011/09/12

Dependencies: 10582, 11153

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2006/01/05

Vulnerability Publication Date: 2006/01/05

Exploitable With

Metasploit (Blue Coat WinProxy Host Header Overflow)

Reference Information

CVE: CVE-2005-3187, CVE-2005-4085

BID: 16147, 16148

OSVDB: 22237, 22238