Astaro Security Linux HTTP CONNECT 未授权访问漏洞

51次阅读
没有评论

Astaro Security Linux HTTP CONNECT 未授权访问漏洞

漏洞ID 1109027 漏洞类型 设计错误
发布时间 2005-08-25 更新时间 2005-10-20
Astaro Security Linux HTTP CONNECT 未授权访问漏洞CVE编号 CVE-2005-2729
Astaro Security Linux HTTP CONNECT 未授权访问漏洞CNNVD-ID CNNVD-200508-305
漏洞平台 Linux CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/26198
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200508-305
|漏洞详情
AstaroSecurityLinux6.0中的HTTP代理不能正确地过滤向localhost的HTTPCONNECT请求。这使得远程攻击者可以绕过防火墙规则而连接本地服务。
|漏洞EXP
source: http://www.securityfocus.com/bid/14665/info

Astaro Security Linux is prone to a weakness that may allow remote attackers to connect to arbitrary ports on a vulnerable computer.

This weakness may be combined with other attacks to exploit latent vulnerabilities. An attacker can bypass access controls implemented by the application through this attack.

Astaro Security Linux 6.001 is prone to this weakness. 

Connect to TCP port 8080 and enter the following command:

CONNECT localhost:80 HTTP/1.0
|参考资料

来源:BUGTRAQ
名称:20050825AstaroSecurityLinux6.0-HTTPCONNECTAccessLocalhostWeakness
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=112501186602731&w;=2
来源:XF
名称:astaro-http-proxy-tcp-connect(22021)
链接:http://xforce.iss.net/xforce/xfdb/22021
来源:BID
名称:14665
链接:http://www.securityfocus.com/bid/14665
来源:SECUNIA
名称:16578
链接:http://secunia.com/advisories/16578/

相关推荐: CalaCode @mail Webmail System POP3 Remote Denial of Service Vulnerability

CalaCode @mail Webmail System POP3 Remote Denial of Service Vulnerability 漏洞ID 1098853 漏洞类型 Failure to Handle Exceptional Conditio…

正文完
 0