CCProxy < 6.62 HTTP Proxy CONNECT Request Handling Remote Overflow

Critical | Nessus Plugin ID 34489

Synopsis

The remote proxy server is affected by a buffer overflow vulnerability.

Description

The remote host is running CCProxy, a proxy server from Youngzsoft.

The installed version is affected by a buffer overflow vulnerability. A remote attacker who sends a 'CONNECT' command along with large amounts of data may be able to crash the application or execute arbitrary code on the remote system.

Solution

Upgrade to CCProxy 6.62 or later.

See Also

http://jbrownsec.blogspot.com/2008/09/ccproxy-near-stealth-patching.html

http://www.youngzsoft.net/ccproxy/whatsnew.htm

Plugin Details

Severity: Critical

ID: 34489

File Name: ccproxy_6_62.nasl

Version: 1.11

Type: remote

Family: Web Servers

Published: 10/24/2008

Updated: 6/27/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Ease: No known exploits are available

Exploited by Nessus: true

Reference Information

CVE: CVE-2008-6415

BID: 31416

CWE: 119

Secunia: 31997