McAfee Web Gateway and Squid Proxy version 3.1.19 suffer from a bypass vulnerability due to putting trust in Host headers. Proof of concept tool included. Squid is only vulnerable to the attacks if the filtered site is using SSL.
fd5a23a84846044a1ea5a10e1231aba1d4783081f27119ecd5de07b7485b6ad5
Secunia Security Advisory - Blue Coat has acknowledged a vulnerability in Blue Coat ProxyAV, which can be exploited by malicious people to compromise a vulnerable device.
a1f5ca6a34187f03266a8c3bf002d0ae6e27c9cbb8822afc640019d746ac9622
Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in JavaScript; users can easily modify them or write their own. This is the Windows 64-bit version.
f501b5542283ff5314d059149275673e0bd3f582e2dd9bf874a957a697e82340
Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in JavaScript; users can easily modify them or write their own. This is the Windows 32-bit version.
aad4eea58cb70eb9f9a3c522f982077489d855b953bf6c30fe9e69c295845898
Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in JavaScript; users can easily modify them or write their own. This is the Linux 64-bit version.
79b0faa76f914a0c26cf4ca2caecfa49914eab314ac80353d7d28ca80cdc2589
Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in JavaScript; users can easily modify them or write their own. This is the Linux 32-bit version.
8ea6a4d731627a6b4e2c1666316af08385acd6507d9b252567b02a0faa05bc80
Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in JavaScript; users can easily modify them or write their own. This is the Mac OS X 64-bit version.
f98c5c3496b4a9067e27396e9930598b9b91eca1b92f93f106307ab600f26eb7
Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in JavaScript; users can easily modify them or write their own. This is the Mac OS X 32-bit version.
68d8eea7c407151d911b13b7a8fcec1ba0338f7ace0e93b2f6ae207db03938e5
iptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, port forwarding, transparent proxying), and special effects such as packet mangling.
77e6581f21f15946a814fa311236e5f3f7c6593180f9d695cea06aa95e464aba
Secunia Security Advisory - A security issue has been reported in KnProxy, which can be exploited by malicious people to disclose certain sensitive information.
66cd08f6464ac0e61919c486677f62dec7ea691dbf96df61bd861a1efdbb411a
Ubuntu Security Notice 1259-1 - It was discovered that the mod_proxy module in Apache did not properly interact with the RewriteRule and ProxyPassMatch pattern matches in the configuration of a reverse proxy. This could allow remote attackers to contact internal web servers behind the proxy that were not intended for external exposure. Stefano Nichele discovered that the mod_proxy_ajp module in Apache, when used with mod_proxy_balancer in certain configurations, could allow remote attackers to cause a denial of service via a malformed HTTP request. Various other issues were also addressed.
7bef884df5589e1fd12588b714aa616b41b6f836aa2d49c1baa9c3029d8685d0
Mandriva Linux Security Advisory 2011-168 - The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary error state in the backend server) via a malformed HTTP request. The fix for CVE-2011-3192 provided by the MDVSA-2011:130 advisory introduced regressions in the way httpd handled certain Range HTTP header values. The updated packages have been patched to correct these issues.
5845916851f0b3755bcd79bb959415df4c03565cfb80d7815ae350490adc18fb
Ubuntu Security Notice 1248-1 - Tim Brown discovered that KSSL in KDE-Libs did not properly perform input validation when displaying the common name (CN) for an SSL certificate. An attacker could exploit this to spoof the common name, which could be used in an attack to trick the user into accepting a fraudulent certificate. This issue only affected Ubuntu 10.04 LTS and Ubuntu 10.10. It was discovered that KIO in KDE-Libs did not properly perform input validation during proxy authentication. An attacker could exploit this to modify the display of the realm and proxy URL. Various other issues were also addressed.
b72f099c8d8ac3650765e3fd99be619d5711842026d8fc594ef9d2cacd4f30d8
Secunia Security Advisory - loneferret has discovered a vulnerability in Cyclope Internet Filtering Proxy, which can be exploited by malicious people to cause a DoS (Denial of Service).
6e1e5803a2b32187f3a45adf1518b5a8116d9cbe677afd25e2e295ddeea560f5
Cyclope Internet Filtering Proxy version 4.0 suffers from a denial of service vulnerability.
88e107c4bd84cd131ab1004d7397c57eab86ce2aa642b91196f8730223d2e824
Red Hat Security Advisory 2011-1392-01 - The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker.
38d5d3cdd137a8ddd27f61f26b4d6bd80a8be345b51f7fcd45471eb5bb0f29ba
Red Hat Security Advisory 2011-1391-01 - The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where mod_proxy was used in load balancer mode. A remote attacker could cause mod_proxy to not send requests to back-end AJP servers for the retry timeout period or until all back-end servers were marked as failed.
fa52da6f043cacb48e73017394b763ecd084cb2327279a656bc387db875101fc
Cyclope Internet Filtering Proxy suffers from a stored cross-site scripting vulnerability.
2ae6988217abbff9103711510b40b94c33812480a0cbdbb90ceefbd299e54ed1
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character. This is a proof of concept exploit that demonstrates this vulnerability.
75f36dfa842b3b7a95c175cb265cef819693d09f8c78a6ec91fe76cb8705da9e
Mandriva Linux Security Advisory 2011-144 - The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ character.
0398641523906dd465280a2065f7651a540f0b837cf29816dc29705635f4b67e
Context discovered a security vulnerability which allows for Apache in reverse proxy mode to be used to access internal/DMZ systems due to a weakness in its handling of URLs being processed by mod_rewrite. Versions 1.3 and 2.x are affected.
cc7c3ff195e475a2b7ec8ea66d98deaebf0cf9dedd7ae209991e3d3c5d4274d8
The Apache mod_proxy module suffers from a reverse proxy exposure vulnerability.
99c1b40cb499bb7230f6dcb7690b190f0ac5434e9e581f118b4b1969c1691dbb
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X, Windows and Linux releases are all included in this file.
318b8a7ac7957abf70378a1b16c1e6d177b97355de8922a2a727da46027d793a
This is the language pack for Zed Attack Proxy (ZAP). Languages supported include English, Brazilian Portuguese, Chinese, Danish, French, German, Greek, Indonesian, Japanese, Polish, and Spanish.
6183ff2dcbca1d90de8be214492f2c35ec55b93ada75f15714619cc720a1aaa9
This is the client API for the Zed Attack Proxy (ZAP).
6d7cff323c60e89b38a9a849a33616a16931393cd68b4f5494c52abb8537b820
Red Hat Security Advisory 2011-1293-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A buffer overflow flaw was found in the way Squid parsed replies from remote Gopher servers. A remote user allowed to send Gopher requests to a Squid proxy could possibly use this flaw to cause the squid child process to crash or execute arbitrary code with the privileges of the squid user, by making Squid perform a request to an attacker-controlled Gopher server. Users of squid should upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the squid service will be restarted automatically.
ea39bfc892a77fdbe8a6f552fe2926423db15874fcc35fa5cc0dfca4f6715324