Synopsis
The HTTP proxy accepts gopher:// requests.
Description
Gopher is an old network protocol which predates HTTP and is nearly unused today. As a result, gopher-compatible software is generally less audited and more likely to contain security bugs than others.
By making gopher requests, an attacker may evade your firewall settings, by making connections to port 70, or may even exploit arcane flaws in this protocol to gain more privileges on this host.
Solution
Reconfigure your proxy so that it refuses gopher requests.
Plugin Details
File Name: proxy_gopher.nasl
Supported Sensors: Nessus
Vulnerability Information
Required KB Items: Proxy/usage