HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks a 127.0.0.1 proxydeny entry, allows remote attackers to send proxy HTTP requests to the Sambar Server's administrative interface and external web servers, by making a "Connection: keep-alive" request before the proxy requests.
References
| Link | Resource |
|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2004-04/0353.html | Vendor Advisory |
| http://secunia.com/advisories/9578 | Vendor Advisory |
| http://securitytracker.com/id?1007819 | Patch |
| http://www.idefense.com/application/poi/display?id=103&type=vulnerabilities&flashstatus=true | Vendor Advisory |
| http://www.sambar.com/security.htm | Vendor Advisory |
| http://www.securityfocus.com/bid/10256 | Exploit Patch |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16054 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2005-11-22T02:00:00
Updated: 2017-07-10T14:57:01
Reserved: 2005-11-22T00:00:00
Link: CVE-2003-1286
JSON object: View
NVD Information
Status : Modified
Published: 2003-12-31T05:00:00.000
Modified: 2017-07-11T01:29:51.463
Link: CVE-2003-1286
JSON object: View
Redhat Information
No data.
CWE