Multiple Vendor HTTP CONNECT TCP Tunnel Vulnerability

Multiple software and integrated server packages that function as web proxies may be used as open TCP proxies. This is through the usage of the HTTP CONNECT method by default. This method is detailed in RFC 2817, where it is used to build generic Transit Layer Security over HTTP.

Upon receiving a CONNECT request, vulnerable products act as a TCP proxy, tunneling the conversation. This can be used to launch attacks against internal machines or to, for example, use an internal mail server as an open relay.

In many cases, this behavior may be controlled through the server configuration. Often it is related to support for tunneling or SSL related functionality.

The issue may also introduce an additional threat. Trusted, internal hosts may be able to proxy unauthorized connections to arbitrary ports on external hosts, which may violate security policy.

This vulnerability represents a preliminary list of vendors which may have vulnerable default configurations. Updates will be made as additional information becomes available.


Privacy Statement
Copyright 2010, SecurityFocus