WinProxy < 6.1a Multiple Vulnerabilities

Critical Nessus Network Monitor Plugin ID 3344

Synopsis

The remote proxy is affected by multiple vulnerabilities.

Description

The remote host is running WinProxy, a proxy server for Windows. This version of WinProxy suffers from denial of service and buffer overflow vulnerabilities in its telnet and web proxy servers. An attacker may be able to exploit these issues to crash the proxy or even execute arbitrary code on the affected host.

Solution

Upgrade to version 6.1a or higher.

See Also

http://www.idefense.com/intelligence/vulnerabilities/display.php?id=363

http://www.idefense.com/intelligence/vulnerabilities/display.php?id=364

http://www.idefense.com/intelligence/vulnerabilities/display.php?id=365

http://www.nessus.org/u?8c88612f

http://www.winproxy.com

Plugin Details

Severity: Critical

ID: 3344

File Name: 3344.prm

Family: FTP Servers

Published: 2006/01/06

Modified: 2016/01/19

Dependencies: 1803, 1804

Nessus ID: 20393

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Exploitable With

Metasploit (Blue Coat WinProxy Host Header Overflow)

Reference Information

CVE: CVE-2005-4085, CVE-2005-3187, CVE-2005-3654

BID: 16147, 16148, 16149