WebWasher Proxy Server < 3.4 Detection
Medium Nessus Network Monitor Plugin ID 2570
Synopsis
The remote host may give an attacker information useful for future attacks.
Description
There is a flaw in the remote WebWasher Proxy. When issued a CONNECT command for 127.0.0.1 (or localhost/loopback), the proxy complies with the request and initiates a connection to the local machine. This bypasses any firewalling and gives access to local applications that are bound only to the loopback interface.
Solution
Upgrade to version 3.4 or higher.
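
The control missing in the behaviour described above, sketched as an added example (this is not WebWasher's code or the plugin's detection logic): a proxy-side filter that refuses CONNECT requests whose target is the proxy's own loopback. It goes beyond the single 127.0.0.1 case to cover all of 127.0.0.0/8, IPv6 loopback, IPv4-mapped IPv6 and the unspecified address; the function names, the alias list and the sample request lines are assumptions constructed for illustration.

```python
import ipaddress

# Assumed alias list; the page names "localhost/loopback".
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "loopback"}

def parse_connect_target(request_line):
    """Return (host, port) from 'CONNECT host:port HTTP/1.x', or None if malformed."""
    parts = request_line.strip().split()
    if len(parts) != 3 or parts[0].upper() != "CONNECT":
        return None
    host, sep, port = parts[1].rpartition(":")
    if not sep or not host or not port.isdigit():
        return None
    # Normalise: drop IPv6 brackets and a trailing root dot, fold case.
    return host.strip("[]").rstrip(".").lower(), int(port)

def is_loopback_target(host):
    """True if the host names the proxy's own loopback interface."""
    if host in LOOPBACK_NAMES or host.endswith(".localhost"):
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname: the resolved addresses need the same check
    mapped = getattr(ip, "ipv4_mapped", None)  # ::ffff:127.0.0.1 -> 127.0.0.1
    if mapped is not None:
        ip = mapped
    # 0.0.0.0 and :: are treated as local too, since many stacks route them to the host.
    return ip.is_loopback or ip.is_unspecified

def allow_connect(request_line):
    """Policy decision: reject malformed requests and loopback targets."""
    target = parse_connect_target(request_line)
    return target is not None and not is_loopback_target(target[0])

# Constructed sample request lines, not captured traffic.
SAMPLES = [
    "CONNECT 127.0.0.1:443 HTTP/1.0",
    "CONNECT LOCALHOST.:25 HTTP/1.0",
    "CONNECT [::ffff:127.0.0.1]:80 HTTP/1.1",
    "CONNECT example.com:443 HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print("ALLOW" if allow_connect(line) else "DENY ", line)
```

The string check alone is not sufficient for hostnames: the same `is_loopback_target` test has to be applied to every address the proxy resolves before it opens the outbound socket.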