Description
The remote proxy server can be used to connect to arbitrary ports.
The proxy allows anyone to send HTTP requests to arbitrary ports, for example: GET http://www.acunetix.com:25
This may allow attackers to bypass your firewall and connect through the proxy to sensitive ports such as 23 (telnet) or 25 (sendmail).
Remediation
- Restrict proxy access to valid users and/or hosts. Deny access to non-authorized ports.
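The remediation above as a policy check a proxy could apply to each request line before forwarding. This is an added example, not code from the original page or from any particular proxy product; the client network, the port sets and the function names are assumptions chosen for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed policy values for illustration; set them to match the deployment.
ALLOWED_CLIENTS = [ipaddress.ip_network("10.0.0.0/8")]  # hosts allowed to use the proxy
ALLOWED_PORTS = {80, 443}     # ports reachable with ordinary methods (GET, POST, ...)
CONNECT_PORTS = {443}         # ports reachable through a CONNECT tunnel
DEFAULT_PORTS = {"http": 80, "https": 443}


def target_port(method, target):
    """Return the destination port named by a proxy request target, or None."""
    try:
        if method.upper() == "CONNECT":
            # CONNECT uses authority form (host:port); the port is mandatory.
            return urlsplit("//" + target).port
        parts = urlsplit(target)
        if parts.hostname is None:
            return None
        if parts.port is not None:
            return parts.port
        return DEFAULT_PORTS.get(parts.scheme.lower())
    except ValueError:
        # Non-numeric or out-of-range port, or a malformed authority.
        return None


def decide(client_ip, request_line):
    """Return (allowed, reason) for one proxy request line."""
    fields = request_line.split()
    if len(fields) != 3:
        return False, "malformed request line"
    method, target, _version = fields
    client = ipaddress.ip_address(client_ip)
    if not any(client in net for net in ALLOWED_CLIENTS):
        return False, "client not authorized"
    port = target_port(method, target)
    allowed = CONNECT_PORTS if method.upper() == "CONNECT" else ALLOWED_PORTS
    if port not in allowed:
        return False, f"port {port} not permitted"
    return True, "ok"
```

Anything that does not resolve to an explicitly listed port is denied, including targets with an unparseable port or an unknown scheme.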