Proxy Accepts gopher:// Protocol Requests

medium Nessus Network Monitor Plugin ID 1590

Synopsis

The proxy accepts gopher:// requests.

Description

The proxy accepts gopher:// requests. Gopher is an old network protocol which predates HTTP and is nearly unused today. As a result, gopher-compatible software is generally less audited and more likely to contain security bugs than others. By making gopher requests, an attacker may evade your firewall settings by making connections to port 70 or may even exploit arcane flaws in this protocol to gain more privileges on this host (see the attached CVE ID for such an example).

Solution

Reconfigure your proxy to refuse gopher protocol requests.

Plugin Details

Severity: Medium

ID: 1590

Family: Web Servers

Published: 8/20/2004

Updated: 9/16/2018

Nessus ID: 11305

Risk Information

VPR

Risk Factor: Medium

Score: 6.1

Reference Information

CVE: CVE-2002-0371

BID: 4930