Detections
Analytics
Proxy Accepts gopher:// Protocol Requests
medium Nessus Network Monitor Plugin ID 1590
Synopsis
The proxy accepts gopher:// requests.Description
The proxy accepts gopher:// requests. Gopher is an old network protocol which predates HTTP and is nearly unused today. As a result, gopher-compatible software is generally less audited and more likely to contain security bugs than others. By making gopher requests, an attacker may evade your firewall settings by making connections to port 70 or may even exploit arcane flaws in this protocol to gain more privileges on this host (see the attached CVE ID for such an example).Solution
Reconfigure your proxy to refuse gopher protocol requests.Plugin Details
Severity: Medium
ID: 1590
Family: Web Servers
Published: 8/20/2004
Updated: 9/16/2018
Nessus ID: 11305
Risk Information
VPR
Risk Factor: Medium
Score: 6.1
Reference Information
CVE: CVE-2002-0371
BID: 4930