HTTP Proxy CONNECT Request Relaying

Nessus Plugin ID 10192

Synopsis

An HTTP proxy running on the remote host can be used to establish interactive sessions.

Description

The proxy allows users to perform CONNECT requests such as:

CONNECT http://cvs.example.org:23

This request gives the person who made it the ability to have an interactive session with a third-party site.

This issue may allow attackers to bypass your firewall by connecting to sensitive ports such as 23 (telnet) via the proxy, or it may allow internal users to bypass the firewall rules and connect to ports or sites they should not be allowed to reach.

In addition, your proxy may be used to perform attacks against other networks.

Solution

Reconfigure your proxy to refuse CONNECT requests.
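
To confirm from the proxy's own logs that tunnels are no longer relayed after reconfiguration, the following added example (not part of the Nessus plugin) flags CONNECT requests that were answered with a 2xx status to a port outside an allow-list. It assumes Squid's native access.log field order and a site policy that permits CONNECT to port 443 only; the log lines are constructed samples.

```python
from typing import NamedTuple

# Assumption: site policy permits CONNECT to HTTPS only. Use an empty set to
# match the plugin's advice of refusing every CONNECT request.
ALLOWED_CONNECT_PORTS = {443}

class Tunnel(NamedTuple):
    client: str
    host: str
    port: int
    status: int

def parse_connect(line: str):
    """Return a Tunnel for a CONNECT entry (Squid native log format), else None."""
    fields = line.split()
    if len(fields) < 7 or fields[5] != "CONNECT":
        return None
    try:
        status = int(fields[3].rsplit("/", 1)[1])   # e.g. TCP_TUNNEL/200 -> 200
    except (IndexError, ValueError):
        return None
    target = fields[6]
    if "://" in target:                              # scheme-prefixed form, as in the plugin text
        target = target.split("://", 1)[1]
    host, sep, port = target.rstrip("/").rpartition(":")
    if not sep or not port.isdigit():
        return None
    return Tunnel(fields[2], host.strip("[]"), int(port), status)

def relayed_tunnels(lines):
    """CONNECT requests the proxy accepted (2xx) to a port outside the allow-list."""
    parsed = (parse_connect(line) for line in lines)
    return [t for t in parsed
            if t and 200 <= t.status < 300 and t.port not in ALLOWED_CONNECT_PORTS]

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = """\
1461715200.101    812 10.0.0.5 TCP_TUNNEL/200 3912 CONNECT cvs.example.org:23 - HIER_DIRECT/192.0.2.10 -
1461715201.440    230 10.0.0.7 TCP_TUNNEL/200 5120 CONNECT www.example.org:443 - HIER_DIRECT/192.0.2.20 -
1461715202.007      0 10.0.0.9 TCP_DENIED/403 3801 CONNECT mail.example.org:25 - HIER_NONE/- text/html
1461715203.312     95 10.0.0.7 TCP_MISS/200 1024 GET http://www.example.org/ - HIER_DIRECT/192.0.2.20 text/html
""".splitlines()

if __name__ == "__main__":
    for t in relayed_tunnels(SAMPLE_LOG):
        print(f"{t.client} tunnelled to {t.host}:{t.port} (HTTP {t.status})")
```

An empty result on current logs means the proxy refused every CONNECT outside the allow-list during the logged period.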

Plugin Details

Severity: Info

ID: 10192

File Name: proxy_connect.nasl

Version: 1.24

Type: remote

Family: Firewalls

Published: 6/22/1999

Updated: 4/27/2016

Supported Sensors: Nessus

Vulnerability Information

Required KB Items: Proxy/usage