Proxy can be used to connect to arbitrary ports

Description

The remote proxy server can be used to connect to arbitrary ports.
The proxy allows everyone to perform HTTP requests to arbitrary ports, such as:

GET http://www.acunetix.com:25 
This may allow attackers to bypass your firewall and connect to sensitive ports like 23 (telnet), 25 (sendmail) using the proxy.

Remediation

Restrict proxy access to valid users and/or hosts. Deny access to non-authorized ports.

References
Severity
Classification
Tags
  • Configuration  Network Alert