WinProxy < 6.1a Multiple Vulnerabilities (credentialed check)

high Nessus Plugin ID 20393

Synopsis

The remote proxy is affected by multiple vulnerabilities.

Description

The remote host is running WinProxy, a proxy server for Windows.

According to the Windows registry, the installed version of WinProxy suffers from denial of service and buffer overflow vulnerabilities in its telnet and web proxy servers. An attacker may be able to exploit these issues to crash the proxy or even execute arbitrary code on the affected host.

Solution

Upgrade to WinProxy version 6.1a or later.

See Also

http://www.nessus.org/u?40f07cd6

http://www.nessus.org/u?3a6c81a5

http://www.nessus.org/u?79b3006b

http://www.nessus.org/u?8c88612f

Plugin Details

Severity: High

ID: 20393

File Name: winproxy_61a.nasl

Version: 1.14

Type: local

Family: Firewalls

Published: 1/10/2006

Updated: 8/6/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.0

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/5/2006

Vulnerability Publication Date: 1/5/2006

Exploitable With

Metasploit (Blue Coat WinProxy Host Header Overflow)

Reference Information

CVE: CVE-2005-3187, CVE-2005-3654, CVE-2005-4085

BID: 16147, 16148, 16149