Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2003-1286
Last Modified 05 Sep 2008 04:36:32
Published 31 Dec 2003 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-1286

Summary

HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks a 127.0.0.1 proxydeny entry, allows remote attackers to send proxy HTTP requests to the Sambar Server's administrative interface and external web servers, by making a "Connection: keep-alive" request before the proxy requests.

Vulnerable Systems

Application

  • Sambar Server 5.0

  • Sambar Server 5.1

  • Sambar Server 5.2

  • Sambar Server 5.3

  • Sambar Server 6.0


References

XF - sambar-http-gain-access(16054)

BID - 10256

SECTRACK - 1007819

CONFIRM - http://www.sambar.com/security.htm

IDEFENSE - 20030925 Sambar Server Multiple Vulnerabilities

SECUNIA - 9578

BUGTRAQ - 20040430 SECURITY.NNOV: Sambar security quest


Last Updated: 27 May 2016 10:38:18