VU#150227 - HTTP proxy default configurations allow arbitrary TCP connections
Carnegie Mellon University
Software Engineering Institute
CERT Coordination Center
HTTP proxy default configurations allow arbitrary TCP connections
Vulnerability Note VU#150227
Original Release Date: 2002-05-17 | Last Revised: 2005-04-29
Overview
Multiple vendors' HTTP proxy services use insecure default configurations that could allow an attacker to make arbitrary TCP connections to internal hosts or to external third-party hosts.
Description
HTTP proxy services commonly support the HTTP CONNECT method, which is designed to create a TCP connection that bypasses the normal application layer functionality of the proxy service. Typically, the HTTP CONNECT method is used to tunnel HTTPS connections through an HTTP proxy. The proxy service does not decrypt the HTTPS traffic, as this would violate the end-to-end security model used by TLS/SSL.
The HTTP CONNECT method is described in an expired IETF Internet-Draft written in 1998 by Ari Luotonen. This document clearly explains the security risks associated with the HTTP CONNECT method:
6. Security Considerations
The CONNECT tunneling mechanism is really a lower-level function than the rest of the HTTP methods, kind of an escape mechanism for saying that the proxy should not interfere with the transaction, but merely forward the data. In the case of SSL tunneling, this is because the proxy should not need to know the entire URI that is being accessed (privacy, security), only the information that it explicitly needs (hostname and port number) in order to carry out its part.
Due to this fact, the proxy cannot necessarily verify that the protocol being spoken is really what it is supposed to tunnel (SSL for example), and so the proxy configuration should explicitly limit allowed connections to well-known ports for that protocol (such as 443 for HTTPS, 563 for SNEWS, as assigned by IANA, the Internet Assigned Numbers Authority).
Ports of specific concern are such as the telnet port (port 23), SMTP port (port 25) and many UNIX specific service ports (range 512-600). Allowing such tunnelled connections to e.g. the SMTP port might enable sending of uncontrolled E-mail ("spam").
Many vendors' HTTP proxy services are configured by default to listen on all network interfaces and to allow HTTP CONNECT method tunnels to any TCP port. A proxy may also allow the GET method with a crafted HTTP 1.1 Host request-header and the POST method to be used to create arbitrary TCP connections. Other HTTP methods (PUT) and FTP commands (USER/PASS, SITE, OPEN) can also be used to make arbitrary TCP connections through proxy services. SOCKS proxies suffer from similar insecure default configuration vulnerabilities, as do products that provide FTP proxy services.
Since most proxy services do not inspect application layer data in an HTTP CONNECT method tunneled connection, almost any TCP-based protocol may be forwarded through the proxy service. This creates an additional vulnerability in the case of HTTP anti-virus scanners and content filters that do not check the contents of an HTTP CONNECT method tunnel [VU#868219]. In addition, an attacker may be able to cause a denial of service by making recursive connections to a proxy service. Note that a wide variety of products including proxy servers, web servers, web caches, firewalls, and content/virus scanners provide HTTP proxy services.
Most products can be configured to specify which networks can access the HTTP proxy service and which destination TCP ports (and possibly IP addresses) are permitted. Products that provide a reasonably secure default configuration are noted as "Not Vulnerable" in the Systems Affected section of this document. It is important to note that any proxy service can be configured insecurely, potentially allowing access from any source to any destination IP address and TCP port.
Impact
The HTTP CONNECT method, as well as other HTTP methods and FTP commands, can be abused to establish arbitrary TCP connections through vulnerable proxy services. An attacker could use a vulnerable proxy service on one network as an intermediary to scan or connect to TCP services on another network. In a more severe case, an attacker may be able to establish a connection from a public network, such as the Internet, through a vulnerable proxy service to an internal network.
The CERT/CC has received numerous reports of this technique being used to connect to SMTP services (25/tcp) to initiate the delivery of unsolicited bulk email (UCE/SPAM).
If a proxy service allows recursive connections, an attacker may be able to cause a denial-of-service condition by consuming resources by making repeated connections from the proxy service back to itself.
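The SMTP-relay and recursive-connection abuse described above leaves a recognisable trail in proxy access logs. The following is an added example, not code from the CERT note or from any vendor: it reviews constructed Squid native-format log lines and assumes placeholder values for the trusted client networks, the CONNECT port allowlist and the proxy's own address.

```python
import ipaddress
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed Squid native-format access log lines (not real data). Fields:
# timestamp elapsed client action/status size method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1021599600.101    312 203.0.113.7 TCP_MISS/200 2310 CONNECT mx1.example.net:25 - DIRECT/198.51.100.9 -
1021599601.220    298 203.0.113.7 TCP_MISS/200 2290 CONNECT mx2.example.org:25 - DIRECT/198.51.100.10 -
1021599602.340    305 203.0.113.7 TCP_MISS/200 2300 CONNECT mx3.example.com:25 - DIRECT/198.51.100.11 -
1021599603.500    120 10.0.0.15 TCP_MISS/200 5120 CONNECT www.example.com:443 - DIRECT/192.0.2.20 -
1021599604.610     80 10.0.0.15 TCP_MISS/200 1024 GET http://www.example.com/ - DIRECT/192.0.2.20 text/html
1021599605.720     40 192.0.2.33 TCP_DENIED/403 1500 CONNECT 192.168.1.5:3128 - NONE/- text/html
1021599606.830    210 192.0.2.33 TCP_MISS/200 1980 CONNECT 192.168.1.5:3128 - DIRECT/192.168.1.5 -
"""

# Constructed policy placeholders for this example (adjust to the site).
TRUSTED_CLIENT_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                       ipaddress.ip_network("192.168.0.0/16")]
ALLOWED_CONNECT_PORTS = {443, 563}      # HTTPS and SNEWS
PROXY_OWN_ADDRS = {"192.168.1.5"}       # address the proxy itself listens on

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+(?P<action>\S+)/(?P<status>\d+)"
    r"\s+(?P<size>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<ident>\S+)\s+(?P<hier>\S+)\s+(?P<ctype>\S+)$")


def parse_line(line: str) -> Optional[dict]:
    """Parse one native-format log line into its named fields, or None."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def split_target(target: str) -> Tuple[str, Optional[int]]:
    """Split a CONNECT target "host:port" (IPv6 hosts may be bracketed)."""
    host, sep, port = target.rpartition(":")
    if not sep or not port.isdigit():
        return target, None
    return host.strip("[]"), int(port)


def from_trusted_net(client: str) -> bool:
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_CLIENT_NETS)


def review(log_text: str) -> Tuple[List[Tuple[str, str, str]], Dict[str, int]]:
    """Return (findings, relay_fanout).

    findings: (client, reason, target) for each suspicious CONNECT record.
    relay_fanout: client -> number of distinct hosts it tunnelled to on 25/tcp,
    the signature of a proxy being used to relay unsolicited mail.
    """
    findings = []
    smtp_dests = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "CONNECT":
            continue
        client, target = rec["client"], rec["url"]
        host, port = split_target(target)
        if port is None:
            findings.append((client, "unparsable CONNECT target", target))
            continue
        established = rec["status"] == "200"
        if not from_trusted_net(client):
            findings.append((client, "CONNECT from untrusted source", target))
        if host in PROXY_OWN_ADDRS:
            state = "established" if established else "denied"
            findings.append((client, f"recursive CONNECT to the proxy itself ({state})", target))
        if established and port not in ALLOWED_CONNECT_PORTS:
            findings.append((client, f"tunnel established to non-allowlisted port {port}", target))
            if port == 25:
                smtp_dests[client].add(host)
    return findings, {c: len(hosts) for c, hosts in smtp_dests.items()}


if __name__ == "__main__":
    found, fanout = review(SAMPLE_LOG)
    for client, reason, target in found:
        print(f"{client:14} {reason:55} {target}")
    for client, n in fanout.items():
        print(f"{client}: tunnelled to {n} distinct SMTP servers")
```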
Solution
Apply Patch or Upgrade
Apply a patch or upgrade from your vendor. For information about a specific vendor, check the Systems Affected section of this document or contact your vendor directly.
Vendors listed as "Not Vulnerable" ship HTTP proxy services with reasonably secure default configurations, meaning that the proxy only allows connections to a limited number of TCP ports, or only listens on an internal or loopback interface, or requires further configuration before it will pass traffic. The vendor ships a secure or disabled proxy, and the responsibility of configuring the proxy is placed on the administrator. Note that almost any proxy service, including those from vendors listed as "Not Vulnerable," can be configured insecurely. Different distributions or packages may configure the same proxy application in different ways.
Secure Proxy Configuration
Check the configuration of your proxy services to determine if they allow connections to arbitrary TCP ports and whether they allow connections from untrusted networks such as the Internet. Configure your proxy services to only allow connections from trusted networks to reasonably safe TCP ports such as HTTP (80/tcp) and HTTPS (443/tcp). If possible, configure your proxy services not to allow recursive connections. For more information about specific products, check the Systems Affected section of this document, consult your product documentation, or contact your vendor.
Examine Tunneled Data
If possible, configure your HTTP proxy services to check the application layer contents of HTTP CONNECT method tunnels. Even if an HTTP proxy service is not able to decrypt HTTPS data, the proxy service could examine the initial stages of an HTTP CONNECT method connection to confirm that an SSL/TLS handshake is indeed being performed.
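As an added example (not code from the CERT note or from any vendor), the following policy check combines the two recommendations above: a trusted-source and destination-port allowlist with a recursion check, followed by inspection of the first bytes a client sends into the CONNECT tunnel to confirm they form a TLS/SSLv3 ClientHello record. The networks, ports, proxy addresses and sample payloads are constructed placeholders.

```python
import ipaddress
import re
from typing import Callable, Optional, Tuple

# Constructed policy values (placeholders for this example, not from the advisory).
TRUSTED_CLIENT_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                       ipaddress.ip_network("192.168.0.0/16")]
ALLOWED_CONNECT_PORTS = {443, 563}               # HTTPS and SNEWS, the ports the Internet-Draft names
PROXY_OWN_ADDRS = {"192.168.1.5", "127.0.0.1"}   # addresses this proxy listens on (constructed)

# CONNECT request-target is host:port; the host may be a bracketed IPv6 literal.
CONNECT_RE = re.compile(
    r"^CONNECT\s+(?P<host>\[[0-9A-Fa-f:.]+\]|[^\s:]+):(?P<port>\d{1,5})\s+HTTP/1\.[01]$")


def parse_connect(request_line: str) -> Optional[Tuple[str, int]]:
    """Return (host, port) for a well-formed CONNECT request line, else None."""
    m = CONNECT_RE.match(request_line.strip())
    if m is None:
        return None
    port = int(m.group("port"))
    if not 0 < port < 65536:
        return None
    return m.group("host").strip("[]"), port


def looks_like_tls_client_hello(data: bytes) -> bool:
    """True if the first bytes sent into the tunnel form a TLS/SSLv3 ClientHello.

    Record layer: content type 0x16 (handshake), version 0x03 0x00..0x04,
    2-byte length; the handshake message inside starts with type 0x01
    (ClientHello). Caveat: an SSLv2-compatible ClientHello (first byte has
    the high bit set) is rejected by this check.
    """
    if len(data) < 6:
        return False
    if data[0] != 0x16 or data[1] != 0x03 or data[2] > 0x04:
        return False
    record_len = int.from_bytes(data[3:5], "big")
    if record_len < 4 or record_len > 16384 + 2048:   # beyond the largest TLS record
        return False
    return data[5] == 0x01


def connect_decision(client_ip: str, request_line: str, first_bytes: bytes,
                     resolve: Optional[Callable[[str], str]] = None) -> str:
    """Return "allow" or a "deny: ..." reason for one CONNECT request.

    resolve maps the requested host name to the address the proxy would
    actually connect to; with None the host is taken literally.
    """
    try:
        client = ipaddress.ip_address(client_ip)
    except ValueError:
        return "deny: unparsable client address"
    if not any(client in net for net in TRUSTED_CLIENT_NETS):
        return "deny: client not on a trusted network"
    parsed = parse_connect(request_line)
    if parsed is None:
        return "deny: malformed CONNECT request"
    host, port = parsed
    if port not in ALLOWED_CONNECT_PORTS:
        return f"deny: destination port {port} not in allowlist"
    target = resolve(host) if resolve else host
    if target in PROXY_OWN_ADDRS:
        return "deny: destination is the proxy itself (recursive connection)"
    if not looks_like_tls_client_hello(first_bytes):
        return "deny: tunnel payload is not a TLS ClientHello"
    return "allow"


# Constructed samples: a truncated TLS 1.0 ClientHello record, and an SMTP greeting.
CLIENT_HELLO_PREFIX = bytes.fromhex("160301002c01000028030301") + bytes(32)
SMTP_EHLO = b"EHLO mail.example.com\r\n"

if __name__ == "__main__":
    for ip, line, payload in [
        ("10.1.2.3", "CONNECT www.example.com:443 HTTP/1.1", CLIENT_HELLO_PREFIX),
        ("10.1.2.3", "CONNECT mail.example.com:25 HTTP/1.1", SMTP_EHLO),
        ("203.0.113.7", "CONNECT www.example.com:443 HTTP/1.1", CLIENT_HELLO_PREFIX),
        ("10.1.2.3", "CONNECT 127.0.0.1:443 HTTP/1.1", CLIENT_HELLO_PREFIX),
    ]:
        print(f"{ip:12} {line:45} -> {connect_decision(ip, line, payload)}")
```

A real proxy would read the first bytes with a short timeout after sending its 200 response, since a TLS client always speaks first; a client that sends nothing or sends a non-TLS greeting can then be disconnected before any data reaches the destination.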
Vendor Information
AnalogX
Affected
Updated: September 23, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
AnalogX Proxy 4.14 (May 2003) blocks connections to port 25/tcp by default and provides access control for destination ports used by the HTTP CONNECT method. A warning is displayed if the proxy is configured to listen on all IP addresses, and the proxy can be bound to one address.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Astaro Security Linux
Affected
Updated: June 19, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
CacheFlow Inc.
Affected
Updated: September 15, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
In a message posted to BugTraq (BID 4143), Steve VanDevender reports that this vulnerability has been exploited in CacheFlow products to relay spam. In this message to the Incidents mailing list, Tim Kennedy provides a more secure CacheFlow configuration.
Cisco Systems Inc.
Affected
Notified: April 19, 2002
Updated: May 16, 2002
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Cisco has released a Cisco Security Advisory addressing this vulnerability (CSCdx05705).
IBM
Affected
Notified: April 19, 2002
Updated: September 23, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
It has been reported that IBM Web Traffic Express (WTE)/WebSphere EdgeServer ships with an insecure HTTP proxy configuration.
Kerio
Affected
Updated: October 15, 2002
Status
Affected
Vendor Statement
WinRoute Pro customers are in 99% of cases using NAT for Internet access, therefore making it impossible to connect to the proxy server through external interfaces and thus exploit the CONNECT method. Customers that are not using NAT but are using (or have enabled) the proxy component should create appropriate packet filtering rules. The reasonable rule would be to filter incoming external TCP traffic on port 3128, where by default the proxy server listens.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
Novell
Affected
Notified: April 19, 2002
Updated: June 19, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Please see the "Proxy used for spam" thread in novell.support.internet.bordermanager.proxies-fastcache.
Symantec Corporation
Affected
Notified: April 19, 2002
Updated: June 19, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Tiny Software
Affected
Updated: June 25, 2002
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
Trend Micro
Affected
Notified: April 19, 2002
Updated: February 10, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC tested InterScan VirusWall 3.52 on Windows 2000 and found it to be vulnerable. InterScan VirusWall can be used with a separate HTTP proxy service that may be able to block connections that use the HTTP CONNECT method. Web VirusWall for Windows NT requires a separate HTTP proxy service.
This issue has been addressed in InterScan VirusWall for UNIX:
See also:
WebWasher
Affected
Updated: June 19, 2003
Status
Affected
Vendor Statement
This problem has been fixed with the newest releases of WebWasher EE.
General Availability (GA) release: WebWasher Proxy 3.4.1 Build 175
First Customer Shipment (FCS) release: WebWasher 4.0.0 Build 177
We fixed the problem at the end of July [2002], and all versions we have released since contain this fix.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
Alcatel
Not Affected
Notified: April 19, 2002
Updated: June 20, 2002
Status
Not Affected
Vendor Statement
In relation to this CERT vulnerability note on security vulnerabilities with HTTP CONNECT, Alcatel has conducted an immediate assessment to determine any impact this may have on our portfolio. A first analysis has shown that none of our products which embed an HTTP proxy is affected when used as delivered to customers. Customers may contact their Alcatel support representative for more details. The security of our customers' networks is of highest priority for Alcatel. Therefore we continue to test our product portfolio against potential HTTP CONNECT security vulnerabilities and will provide updates if necessary.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC does not have information about the default configurations of Alcatel devices that implement HTTP proxy services.
Apache
Not Affected
Notified: April 19, 2002
Updated: October 16, 2002
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The Apache HTTP Server listens on all IP interfaces by default. The documentation for the Apache mod_proxy module states: "By default, only the default https port (443) and the default snews port (563) are enabled." Individual vendors may configure Apache differently.
Check Point
Not Affected
Notified: April 19, 2002
Updated: July 23, 2002
Status
Not Affected
Vendor Statement
The most recent versions of VPN-1/FireWall-1, versions NG FP2 and 4.1 SP6, are in no way vulnerable to the HTTP Connect vulnerability described below. In addition, even in previous versions, Check Point's products did not allow "arbitrary connections"; in fact, no connections were possible unless an explicit rule existed in the rule base allowing a specific connection from the original source IP to the eventual destination IP. No escalation of privilege was granted. No bypass of HTTP content or anti-virus scanning was possible.
The only exposure, per se, was that the outbound connection from the firewall would have the firewall's source IP address when seen by the eventual target.
The simple workaround for this issue, in older product versions, was to simply have a rule on the firewall which blocks connections which come from an external IP address and are destined to an external IP address. Since connections established by the HTTP Connect method must still be validated by the rulebase, this solution (a good idea, in any case) would prevent an external hacker from "bouncing" connections through the firewall to another external system. New versions of VPN-1/FireWall-1 offer the administrator more granular control over the use of HTTP Connect.
Check Point's posted response to this issue as originally published is available at
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
In a message posted to bugtraq (BID 4131), Volker Tanger reports that this vulnerability could allow an arbitrary TCP connection to be made through FireWall-1 4.1 SP5. Based on further public discussion and information from Check Point, it seems that while the FireWall-1 HTTP proxy service may allow arbitrary HTTP CONNECT method connections, such connections are denied unless explicitly permitted in the firewall rule base.
DeleGate
Not Affected
Updated: June 29, 2004
Status
Not Affected
Vendor Statement
When DeleGate is running as an HTTP proxy server, it allows only ports 443 and 564 as the destination port of the CONNECT method, by default. When DeleGate relays a request with a header, it removes malformed header fields like "RCPT To:..." for example (illegal space in this case). And when DeleGate is relaying to a non-HTTP but privileged port, it tries to detect a greeting message from the non-HTTP server before relaying a request to it. If the server returns a non-HTTP response like "220 ready" within a specified time period, then the request is rejected without being forwarded to the server. These mechanisms have been available since 1999 (after DeleGate version 6).
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Please see the Access control section of the DeleGate manual.
F5 Networks
Not Affected
Notified: April 19, 2002
Updated: May 28, 2002
Status
Not Affected
Vendor Statement
F5 Networks' EDGE-FX Cache product permits CONNECT requests only to ports 443, 8443, 8081, and 563 by default.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
Hewlett-Packard Company
Not Affected
Notified: April 19, 2002
Updated: May 29, 2002
Status
Not Affected
Vendor Statement
[HP does not] have any products with insecure default configurations in HTTP proxy services.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
Inktomi Corporation
Not Affected
Notified: May 13, 2002
Updated: May 23, 2002
Status
Not Affected
Vendor Statement
Inktomi Traffic Server allows CONNECT tunnels only to a list of specifically allowed target ports. CONNECT requests to any other port will be denied. The allowed port list can be read or updated from the "Protocols" page of the administrative GUI, or by editing the proxy.config.http.ssl_ports variable in the master configuration file. The only ports allowed by default are port 443 and port 563. Traffic Server blocks recursive service requests.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
Juniper Networks
Not Affected
Notified: May 18, 2002
Updated: May 29, 2002
Status
Not Affected
Vendor Statement
Our products do not provide HTTP services, so there is no impact for us.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
Junkbusters
Not Affected
Updated: February 10, 2003
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The default configuration of Internet Junkbuster 2.0.2 only blocks access to port 23/tcp, but also only listens to the loopback interface (127.0.0.1). Access to other TCP ports can be restricted as specified in the Internet Junkbuster FAQ. Previous versions of Junkbuster may by default listen on all interfaces (INADDR_ANY) without an adequate ACL.
Lotus Software
Not Affected
Notified: April 19, 2002
Updated: May 29, 2002
Status
Not Affected
Vendor Statement
Lotus products are not vulnerable. [Lotus does] not provide proxy services.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
MultiNet
Not Affected
Notified: April 19, 2002
Updated: May 29, 2002
Status
Not Affected
Vendor Statement
Neither MultiNet nor TCPware include an HTTP server or HTTP proxy services.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
NEC Corporation
Not Affected
Updated: June 29, 2004
Status
Not Affected
Vendor Statement
SAFEBORDER (SSL VPN appliance) is NOT vulnerable. Although it works as a SOCKS proxy service, it allows no TCP/UDP connection with its default configuration.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
Oracle Corporation
Not Affected
Notified: April 23, 2002
Updated: May 29, 2002
Status
Not Affected
Vendor Statement
Our proxy services and HTTP proxies are not vulnerable.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
RabbIT
Not Affected
Updated: May 23, 2002
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The default configuration of RabbIT limits HTTP CONNECT method connections to ports 443/TCP, 444/TCP, and 445/TCP.
Squid
Not Affected
Updated: October 16, 2002
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
By default, Squid allows access to a limited number of privileged ports and all non-privileged ports, as noted in the Squid Access Controls FAQ. Squid also denies all client requests by default, as noted in the Squid Security Concerns FAQ. Individual vendors may configure Squid differently.
TIS
Not Affected
Updated: April 16, 2002
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The TIS Firewall Toolkit (FWTK) 2.x supports HTTP tunneling via the http-gw and/or plug-gw modules. Also, an older SSL proxy module (ssl-gw) is available. The sample configuration included with FWTK 2.1 does not enable HTTP tunneling.
Wind River Systems Inc.
Not Affected
Notified: April 19, 2002
Updated: May 29, 2002
Status
Not Affected
Vendor Statement
[O]ur embedded web servers don't offer these capabilities [HTTP CONNECT method support].
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
3Com
Unknown
Notified: April 23, 2002
Updated: May 23, 2002
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
ACME Laboratories
Unknown
Updated: September 23, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
AT&T
Unknown
Notified: April 19, 2002
Updated: May 20, 2002
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
Aladdin Knowledge Systems
Unknown
Notified: April 19, 2002
Updated: May 20, 2002
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
Apple Computer Inc.
Unknown
Notified: April 19, 2002
Updated: May 20, 2002
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
CERN
Unknown
Updated: April 19, 2002
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
CERN httpd (W3C httpd) has not been maintained since 1996. The CERN httpd does not appear to support the HTTP CONNECT method.
CGIProxy
Unknown
Updated: September 23, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
Compaq Computer Corporation
Unknown
Notified: April 19, 2002
Updated: May 20, 2002
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
Computer Associates
Unknown
Notified: April 19, 2002
Updated: May 20, 2002
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
CyberSoft
Unknown
Notified: April 19, 2002
Updated: May 20, 2002
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
Data General
Unknown
Notified: April 19, 2002
Updated: May 20, 2002
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
Debian
Unknown
Notified: April 19, 2002
Updated: May 20, 2002
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
Eolian
Unknown
Updated: May 24, 2002
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Eolian went out of business in 2000. The vulnerability status of their InfoStorm product is unknown.
Finjan Software
Unknown
Updated: April 12, 2002
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
Fujitsu
Unknown
Notified: April 19, 2002
Updated: May 20, 2002
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
IBM-zSeries
Unknown
Notified: April 19, 2002
Updated: May 20, 2002
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
Lucent Technologies
Unknown
Notified: April 19, 2002
Updated: May 20, 2002
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
Microsoft Corporation
Notified: April 19, 2002
Updated: May 20, 2002
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
Netscape Communications Corporation
Notified: April 19, 2002
Updated: May 20, 2002
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
Network Appliance
Notified: April 19, 2002
Updated: May 20, 2002
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
Network Associates
Notified: April 19, 2002
Updated: May 20, 2002
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
OpenBSD
Notified: April 19, 2002
Updated: May 20, 2002
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
Proland Software
Notified: April 19, 2002
Updated: May 20, 2002
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
RhinoSoft
Updated: September 23, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
SGI
Notified: April 19, 2002
Updated: May 20, 2002
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
SapporoWorks
Updated: September 23, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Sequent
Notified: April 19, 2002
Updated: May 20, 2002
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
Stronghold
Updated: May 20, 2002
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
The SCO Group (SCO Linux)
Notified: April 19, 2002
Updated: May 20, 2002
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
The SCO Group (SCO UnixWare)
Notified: April 19, 2002
Updated: May 20, 2002
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
Trustix Secure Linux
Updated: October 15, 2002
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
Unisys
Notified: April 19, 2002
Updated: May 20, 2002
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
CVSS Metrics
Group
Score
Vector
Base
Temporal
Environmental
References
Acknowledgements
An instance of this vulnerability in Check Point FireWall-1 was reported by Volker Tanger in February 2002. The CERT/CC thanks Ronald Guilmette for information used in this document.
This document was written by Art Manion.
Other Information
CVE IDs: None
Severity Metric: 89.51
Date Public: 2002-02-19
Date First Published: 2002-05-17
Date Last Updated: 2005-04-29 15:07 UTC
Document Revision: 104
Sponsored by CISA.