Alcatel Information for VU#150227

HTTP proxy default configurations allow arbitrary TCP connections

Status

Not Affected

Vendor Statement

In relation to this CERT vulnerability note on security vulnerabilities with HTTP CONNECT, Alcatel has conducted an immediate assessment to determine any impact this may have on our portfolio. A first analysis has shown that none of our products which embed an HTTP proxy is affected when used as delivered to customers. Customers may contact their Alcatel support representative for more details. The security of our customers' networks is of highest priority for Alcatel. Therefore we continue to test our product portfolio against potential HTTP CONNECT security vulnerabilities and will provide updates if necessary.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC does not have information about the default configurations of Alcatel devices that implement HTTP proxy services.

If you have feedback, comments, or additional information about this vulnerability, please send us email.