Alcatel Information for VU#150227
HTTP proxy default configurations allow arbitrary TCP connections
- Vendor Information Help Date Notified: 19 Apr 2002
- Statement Date:
- Date Updated: 20 Jun 2002
In relation to this CERT vulnerability note on security vulnerabilities with HTTP CONNECT, Alcatel has conducted an immediate assessment to determine any impact this may have on our portfolio. A first analysis has shown that none of our products which embed an HTTP proxy is affected when used as delivered to customers. Customers may contact their Alcatel support representative for more details. The security of our customers' networks is of highest priority for Alcatel. Therefore we continue to test our product portfolio against potential HTTP CONNECT security vulnerabilities and will provide updates if necessary.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC does not have information about the default configurations of Alcatel devices that implement HTTP proxy services.
If you have feedback, comments, or additional information about this vulnerability, please send us email.