Security Vulnerability on HTTP Proxy Post Request Relaying and HTTP Proxy Arbitrary Site/Port Relaying
Article ID: 168686
Updated On:
Products
ProxySG Software - SGOS
Issue/Introduction
Vulnerability: HTTP Proxy POST Request Relaying
ToDo: Reconfigure your proxy so that only the users of the internal network can use it, and so that it can not connect to dangerous ports (1-1024).
CertRef:
Tool Reference:
http://www.nessus.org/plugins/index.php?view=single&id=10194
Comment:
Counted in:
Monitor:
NessusOutput: Port: 8080/tcp
CVE: NOCVE
Vulnerability: HTTP Proxy POST Request Relaying
ToDo: Reconfigure your proxy so that only the users of the internal network can use it, and so that it can not connect to dangerous ports (1-1024).
CertRef:
Tool Reference:
http://www.nessus.org/plugins/index.php?view=single&id=10194
Comment:
Counted in:
Monitor:
NessusOutput: Port: 80/tcp
CVE: NOCVE
Vulnerability: HTTP Proxy Arbitrary Site/Port Relaying
ToDo: Set up ACLs in place to prevent your proxy from accepting toconnect to non-authorized ports.
CertRef:
Tool Reference:
http://www.nessus.org/plugins/index.php?view=single&id=10193
Comment:
Counted in:
Monitor:
NessusOutput: Port: 8080/tcp
CVE: NOCVE
Vulnerability: HTTP Proxy Arbitrary Site/Port Relaying
ToDo: Set up ACLs in place to prevent your proxy from accepting toconnect to non-authorized ports.
CertRef:
Tool Reference:
http://www.nessus.org/plugins/index.php?view=single&id=10193
Comment:
Counted in:
Monitor:
NessusOutput: Port: 80/tcp
CVE: NOCVE
Resolution
Please add the following CPL code in to Local Policy of the ProxySG appliance, and please note that this is to configure the ProxySG appliance to only allow connections to any OCS on tcp port 80 and 443.
<proxy>
url.port=!80 DENY
<proxy>
url.port=443 allow
url.port=!80 DENY
<proxy>
url.port=443 allow
Feedback
Yes
No
Powered by
