Proxy accepts CONNECT requests

Description
  • The remote proxy server accepts CONNECT requests from anyone, to arbitrary ports, for example:

        CONNECT www.acunetix.com:25

    This may allow attackers to bypass your firewall and reach sensitive ports such as 23 (telnet) or 25 (sendmail) through the proxy. A spammer may be using your proxy to send bulk email.
Remediation
  • Restrict proxy access to valid users and/or hosts. Deny CONNECT requests.
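
An added example (not part of the original advisory) for checking that the remediation holds: it scans proxy access-log lines for CONNECT tunnels the proxy granted to clients or ports the policy should deny. The Squid native access.log layout, the 10.0.0.0/8 client network, the 443-only port allow-list and the log lines themselves are constructed assumptions.

```python
import ipaddress

# Assumptions for this example (not from the page): Squid native access.log
# field order, the allowed client network, and 443 as the only tunnel port.
ALLOWED_CLIENTS = [ipaddress.ip_network("10.0.0.0/8")]
ALLOWED_CONNECT_PORTS = {443}

# Constructed sample log lines.
SAMPLE_LOG = """\
1700000000.101    250 10.1.2.3 TCP_TUNNEL/200 3921 CONNECT intranet.example.org:443 - HIER_DIRECT/192.0.2.10 -
1700000001.202    180 203.0.113.7 TCP_TUNNEL/200 1188 CONNECT mail.example.net:25 - HIER_DIRECT/198.51.100.9 -
1700000002.303     12 10.1.2.4 TCP_DENIED/403 3800 CONNECT host.example.net:23 - HIER_NONE/- text/html
1700000003.404     95 10.1.2.5 TCP_MISS/200 5120 GET http://www.example.org/ - HIER_DIRECT/192.0.2.20 text/html
this line is malformed
"""


def parse_connect(line):
    """Return (client, host, port, status) for a CONNECT entry, else None."""
    fields = line.split()
    if len(fields) < 7 or fields[5] != "CONNECT":
        return None
    host, sep, port = fields[6].rpartition(":")
    status = fields[3].partition("/")[2]
    if not sep or not port.isdigit() or not status.isdigit():
        return None
    try:
        client = ipaddress.ip_address(fields[2])
    except ValueError:
        return None
    return client, host.strip("[]"), int(port), int(status)


def audit(log_text):
    """List CONNECT tunnels the proxy granted that the policy should deny."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_connect(line)
        if entry is None or not 200 <= entry[3] < 300:
            continue  # unparsable, not CONNECT, or already refused by the proxy
        client, host, port, _status = entry
        reasons = []
        if not any(client in net for net in ALLOWED_CLIENTS):
            reasons.append("client not allowed")
        if port not in ALLOWED_CONNECT_PORTS:
            reasons.append("port not allowed")
        if reasons:
            findings.append((str(client), host, port, reasons))
    return findings
```

Setting ALLOWED_CONNECT_PORTS to an empty set flags every granted CONNECT, which matches a policy that denies CONNECT outright.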