WinProxy < 6.1 R1c HTTP CONNECT Request Overflow

Medium Nessus Network Monitor Plugin ID 3902


The remote HTTP proxy is affected by a buffer overflow vulnerability.


The remote host is running WinProxy, a proxy server for Windows. The version of WinProxy installed on the remote host reportedly contains a design issue that may result in a buffer overflow vulnerability. Using a specially-crafted HTTP CONNECT request, a remote attacker may be able to leverage this issue to execute arbitrary code on the affected host subject to the privileges under which the service runs.


Upgrade to version 6.1 R1c or higher.

See Also[email protected]

Plugin Details

Severity: Medium

ID: 3902

Family: FTP Servers

Published: 2007/02/06

Updated: 2019/03/06

Dependencies: 1803, 1804, 3222

Nessus ID: 24277

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5.8

Temporal Score: 4.8

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSS v3.0

Base Score: 6.3

Temporal Score: 5.9

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:bluecoat:winproxy

Exploitable With


Reference Information

CVE: CVE-2007-0796

BID: 22393