Proxy File '.pac' External Request Detection

low Nessus Network Monitor Plugin ID 7205

Synopsis

This host has requested proxy settings from a remote web server.

Description

Proxy auto-config (PAC) files let a browser configure its proxy settings automatically, including on a per-URL basis. Recent traffic from this host indicates that it has requested a '.pac' file from a remote web server. In the past, malicious software has been known to use these files to perform man-in-the-middle attacks against affected systems.

Solution

Ensure this configuration is intended. If not, correct or disable the proxy settings on the remote host.
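
To support the "is this intended?" check, the following added example (not the plugin's own detection logic) scans HTTP request records for '.pac' fetches and classifies each one against an allowlist. The log format, the internal DNS suffix, the approved PAC host and the choice to treat RFC 1918 ranges as internal are all assumptions made for the illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumptions (not from the plugin): what counts as internal and which PAC host is intended.
INTERNAL_SUFFIXES = (".corp.example",)
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
APPROVED_PAC_HOSTS = {"proxyconf.corp.example"}

# Constructed sample records in a hypothetical format: "<client-ip> <method> <url>"
SAMPLE_LOG = """\
10.1.4.22 GET http://proxyconf.corp.example/proxy.pac
10.1.4.37 GET http://203.0.113.50/cfg/Proxy.PAC?id=7
10.1.4.37 GET http://www.example.org/index.html
10.1.5.9 GET http://updates.example.net/wpad/settings.pac
10.1.5.9 GET http://10.1.0.8/old.pac
10.1.6.2 GET http://www.example.org/docs/package.pack
"""

def is_external(host):
    """True when the server is outside the internal networks and DNS suffixes."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:  # not an IP literal, so judge by DNS suffix
        return not host.endswith(INTERNAL_SUFFIXES)
    return not any(ip in net for net in INTERNAL_NETS)

def find_pac_requests(log_text):
    """Return (client, server, verdict) for every request whose path ends in .pac."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed records
        client, _method, url = parts
        parsed = urlsplit(url)
        host = (parsed.hostname or "").lower()
        # Match on the path only, so query strings and letter case do not hide the request.
        if not parsed.path.lower().endswith(".pac"):
            continue
        if host in APPROVED_PAC_HOSTS:
            verdict = "approved"
        elif is_external(host):
            verdict = "external"
        else:
            verdict = "internal-unapproved"
        findings.append((client, host, verdict))
    return findings

if __name__ == "__main__":
    for client, host, verdict in find_pac_requests(SAMPLE_LOG):
        print(f"{client} -> {host}: {verdict}")
```

Records marked "external" correspond to the condition this plugin reports; "internal-unapproved" marks PAC sources that are inside the network but not on the allowlist and still need an owner to confirm them.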

See Also

https://en.wikipedia.org/wiki/Proxy_auto-config

https://technet.microsoft.com/en-us/library/dd361918.aspx

http://www.nessus.org/u?02a8ece2

http://www.nessus.org/u?fd2efa2f

Plugin Details

Severity: Low

ID: 7205

Version: 1.0

Family: Data Leakage

Published: 6/3/2016

Updated: 8/16/2018