Proxy accepts POST requests

Description

The remote proxy server can be used to send POST requests without any Content-length header.
The proxy allows everyone to perform POST HTTP requests such as:

POST http://www.acunetix.com:25
This may allow attackers to bypass your firewall and connect to sensitive ports like 23 (telnet), 25 (sendmail) using the proxy.

Remediation

Restrict proxy access to valid users and/or hosts.

References
Severity
Classification
Tags
  • Configuration  Network Alert