WinProxy < 6.1a Multiple Vulnerabilities

Critical Nessus Network Monitor Plugin ID 3344

Synopsis

The remote proxy is affected by multiple vulnerabilities.

Description

The remote host is running WinProxy, a proxy server for Windows. This version of WinProxy suffers from denial of service and buffer overflow vulnerabilities in its telnet and web proxy servers. An attacker may be able to exploit these issues to crash the proxy or even execute arbitrary code on the affected host.

Solution

Upgrade to version 6.1a or higher.

See Also

http://www.idefense.com/intelligence/vulnerabilities/display.php?id=363

http://www.idefense.com/intelligence/vulnerabilities/display.php?id=364

http://www.idefense.com/intelligence/vulnerabilities/display.php?id=365

http://www.nessus.org/u?8c88612f

http://www.winproxy.com

Plugin Details

Severity: Critical

ID: 3344

Family: FTP Servers

Published: 2006/01/06

Updated: 2019/03/06

Dependencies: 1803, 1804

Nessus ID: 20393

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:bluecoat:winproxy

Exploitable With

Metasploit (Blue Coat WinProxy Host Header Overflow)

Reference Information

CVE: CVE-2005-4085, CVE-2005-3187, CVE-2005-3654

BID: 16147, 16148, 16149