WinProxy < 6.1a Multiple Vulnerabilities

Nessus Network Monitor Plugin ID 3344 (critical)

Synopsis

The remote proxy is affected by multiple vulnerabilities.

Description

The remote host is running WinProxy, a proxy server for Windows. This version of WinProxy suffers from denial of service and buffer overflow vulnerabilities in its Telnet and web proxy servers. An attacker may be able to exploit these issues to crash the proxy or even execute arbitrary code on the affected host.

Solution

Upgrade to version 6.1a or higher.

See Also

http://www.idefense.com/intelligence/vulnerabilities/display.php?id=363

http://www.idefense.com/intelligence/vulnerabilities/display.php?id=364

http://www.idefense.com/intelligence/vulnerabilities/display.php?id=365

http://www.nessus.org/u?8c88612f

http://www.winproxy.com

Plugin Details

Severity: Critical

ID: 3344

Family: FTP Servers

Published: 1/6/2006

Updated: 3/6/2019

Nessus ID: 20393

Risk Information

VPR

Risk Factor: High

Score: 7.0

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:bluecoat:winproxy

Exploitable With

Metasploit (Blue Coat WinProxy Host Header Overflow)

Reference Information

CVE: CVE-2005-3187, CVE-2005-3654, CVE-2005-4085

BID: 16147, 16148, 16149