PT-2007-2645 · Grok Developments · Netproxy

Craig Heffner

Published

2007-03-02

Updated

2017-10-11

CVE-2007-1224

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Grok Developments NetProxy version 4.03

Description The issue allows remote attackers to bypass URL filtering. This can be achieved by sending a request that omits "http://" from the URL and specifies the destination port, such as :80.

Recommendations For Grok Developments NetProxy version 4.03, consider updating the URL filtering rules to handle requests without the "http://" prefix and those that specify the destination port explicitly. As a temporary workaround, restrict access to sensitive URLs by implementing additional filtering mechanisms that check for the presence of "http://" and the destination port in incoming requests.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-1224

Affected Products

Netproxy

PT-2007-2645 · Grok Developments · Netproxy

CVE-2007-1224

Related Identifiers

Affected Products

References · 6