Family: Misc. --> Category: infos
WebWasher Classic HTTP CONNECT Unauthorized Access Weakness Vulnerability Scan
Vulnerability Scan Summary
Searches for the existence of WebWasher Proxy
Detailed Explanation for this Vulnerability Test
There is a flaw in the remote WebWasher Proxy. The Proxy, when issued
a CONNECT command for 127.0.0.1 (or localhost/loopback), will comply with
the request and initiate a connection to the local machine.
This bypasses any sort of firewalling as well as gives access to local
applications which are only bound to the loopback.
Solution: Upgrade to a version of WebWasher greater than 3.3.
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.