HTTP Proxy POST Request Relaying

proxy

#1 Joe Pinkston

Joe Pinkston
  • Members
  • 7 posts

Posted 29 October 2013 - 03:40 PM

All,

We ran a vulnerability scan on our network and the Barracuda is allowing the behavior below. Has anyone run into this before that can offer some insight?

Synopsis: Interactive sessions can be open through the HTTP proxy.
Description: The proxy allows the users to perform POST requests such as POST http://cvs.nessus.org:21 without any Content-length tag. This request may give an attacker the ability to have an interactive session. This problem may allow attackers to go through your firewall, by connecting to sensitive ports like 23 (telnet) using your proxy, or it can allow internal users to bypass the firewall rules and connect to ports they should not be allowed to. In addition to that, your proxy may be used to perform attacks against other networks.
Solution: Reconfigure your proxy so that only the users of the internal network can use it, and so that it cannot connect to dangerous ports (1-1024).


We haven't seen any exploits, however we are having a third party scan next month and I would like to head this off.


Thanks,

Joe


Joe Pinkston
Sr. Systems Engineer & VP, GSD
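The scanner finding quoted in the post, turned into a defender's log-audit check. This is an added example, not code from the thread or from Barracuda: it reads a constructed, simplified proxy access log (client IP, method, absolute URL, Content-Length value or "-" when absent; the format is an assumption, not any vendor's) and flags the two things the finding describes, a request the proxy would relay to a port in 1-1024 other than 80/443 (excluding the web ports is an assumption, since a web proxy has to reach them) and a POST with no Content-Length.

```python
import re
from urllib.parse import urlsplit

# Constructed sample access log in a simplified format assumed for this example:
# client IP, method, absolute URL, Content-Length header value ("-" when absent).
SAMPLE_LOG = """\
10.1.2.3 POST http://cvs.nessus.org:21 -
10.1.2.3 POST http://intranet.example/api 42
10.1.2.9 POST http://203.0.113.7:23 -
10.1.2.9 GET http://www.example.com/index.html -
10.1.2.5 POST https://www.example.com/login 128
10.1.2.5 POST http://203.0.113.8:8080/upload -
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")
WEB_PORTS = {80, 443}        # assumption: the only low ports a web proxy needs
LOW_PORTS = range(1, 1025)   # the scanner's "dangerous ports (1-1024)"


def request_port(url: str) -> int:
    """Port the proxy would open a TCP connection to for an absolute-URL request."""
    parts = urlsplit(url)
    if parts.port is not None:
        return parts.port
    return 443 if parts.scheme == "https" else 80

def audit_line(line: str) -> list:
    """Reasons a single log line matches the scanner finding; [] if it is clean."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    _client, method, url, content_length = m.groups()
    reasons = []
    port = request_port(url)
    if port in LOW_PORTS and port not in WEB_PORTS:
        reasons.append(f"relay to low port {port}")   # telnet, ftp, smtp, ...
    if method == "POST" and content_length == "-":
        # No Content-Length means the body has no declared end, so the
        # connection can be kept open as an interactive channel to the target.
        reasons.append("POST without Content-Length")
    return reasons

def audit_log(text: str) -> list:
    """(client, url, reasons) for every log line that matches the finding."""
    findings = []
    for line in text.splitlines():
        reasons = audit_line(line)
        if reasons:
            findings.append((line.split()[0], line.split()[2], reasons))
    return findings
```

Running `audit_log(SAMPLE_LOG)` reports the port 21 and port 23 relays plus the bodyless POST to port 8080; the ordinary web requests with a declared body length pass.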

#2 Matt Heller

Matt Heller
  • Administrators
  • 13 posts

Posted 29 October 2013 - 03:55 PM

Hi Joe,


We would ask you to create a support case so we can review this and ensure it is a true security issue. Any CVE/NIST # id will help as well.


Great profile picture/mess by the way!