Proxy accepts POST requests

Description
  • The remote proxy server can be used to send POST requests without any <strong>Content-length</strong> header. <br/> The proxy allows everyone to perform POST HTTP requests such as: <pre> POST http://www.acunetix.com:25 </pre> This may allow attackers to bypass your firewall and connect to sensitive ports like 23 (telnet), 25 (sendmail) using the proxy.
Remediation
  • Restrict proxy access to valid users and/or hosts.
References