Security Vulnerability on HTTP Proxy Post Request Relaying and HTTP Proxy Arbitrary Site/Port Relaying
Article ID: 168686
Products
ProxySG Software - SGOS
Issue/Introduction
Vulnerability: HTTP Proxy POST Request Relaying
ToDo: Reconfigure your proxy so that only the users of the internal network can use it, and so that it can not connect to dangerous ports (1-1024).
CertRef:
Tool Reference: http://www.nessus.org/plugins/index.php?view=single&id=10194
Comment:
Counted in:
Monitor:
NessusOutput:
Port: 8080/tcp
CVE: NOCVE

Vulnerability: HTTP Proxy POST Request Relaying
ToDo: Reconfigure your proxy so that only the users of the internal network can use it, and so that it can not connect to dangerous ports (1-1024).
CertRef:
Tool Reference: http://www.nessus.org/plugins/index.php?view=single&id=10194
Comment:
Counted in:
Monitor:
NessusOutput:
Port: 80/tcp
CVE: NOCVE

Vulnerability: HTTP Proxy Arbitrary Site/Port Relaying
ToDo: Set up ACLs in place to prevent your proxy from accepting to connect to non-authorized ports.
CertRef:
Tool Reference: http://www.nessus.org/plugins/index.php?view=single&id=10193
Comment:
Counted in:
Monitor:
NessusOutput:
Port: 8080/tcp
CVE: NOCVE

Vulnerability: HTTP Proxy Arbitrary Site/Port Relaying
ToDo: Set up ACLs in place to prevent your proxy from accepting to connect to non-authorized ports.
CertRef:
Tool Reference: http://www.nessus.org/plugins/index.php?view=single&id=10193
Comment:
Counted in:
Monitor:
NessusOutput:
Port: 80/tcp
CVE: NOCVE
Resolution
Add the following CPL code to the Local Policy of the ProxySG appliance. Note that it configures the ProxySG appliance to allow connections to any OCS only on TCP ports 80 and 443.
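One way to audit proxy request records against the policy described in this article (internal clients only, destination ports 80 and 443 only). This is an added Python example, not the CPL code the Resolution refers to and not Broadcom code; the internal range 10.0.0.0/8, the record layout and the sample records are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

ALLOWED_PORTS = {80, 443}                             # ports named in the Resolution
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: replace with your range
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}

def target_port(method, target):
    """Return the destination port of a proxy request target, or None if unparseable."""
    try:
        if method.upper() == "CONNECT":
            # CONNECT uses authority-form: host:port (IPv6 hosts are bracketed)
            return urlsplit("//" + target).port
        parts = urlsplit(target)  # other methods use absolute-form URLs
        if parts.port is not None:
            return parts.port
        return DEFAULT_PORTS.get(parts.scheme.lower())
    except ValueError:            # malformed host or out-of-range port
        return None

def violations(client_ip, method, target):
    """List the reasons a request breaks the policy; an empty list means it conforms."""
    reasons = []
    ip = ipaddress.ip_address(client_ip)
    if not any(ip in net for net in INTERNAL_NETS):
        reasons.append("client outside internal network")
    port = target_port(method, target)
    if port not in ALLOWED_PORTS:
        reasons.append(f"destination port {port} not in 80/443")
    return reasons

# Constructed sample records (client IP, method, request target), not real log data.
SAMPLE = [
    ("10.1.2.3", "POST", "http://intranet.example/upload"),
    ("10.1.2.3", "POST", "http://mail.example:25/"),
    ("10.1.2.3", "CONNECT", "shop.example:443"),
    ("10.1.2.3", "CONNECT", "host.example:22"),
    ("203.0.113.9", "GET", "http://www.example/"),
]

def audit(records):
    """Return only the records that violate the policy, with their reasons."""
    return [(r, v) for r in records if (v := violations(*r))]

if __name__ == "__main__":
    for record, reasons in audit(SAMPLE):
        print(record, "->", "; ".join(reasons))
```

Running the same check against records exported from the proxy's access log after the policy change shows whether any relayed request still falls outside the two allowed ports or comes from a non-internal client.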