Cisco Systems, Inc. Information for VU#435052
Intercepting proxy servers may incorrectly rely on HTTP headers to make connections
- Vendor Information Help Date Notified: 09 Dec 2008
- Statement Date:
- Date Updated: 12 Mar 2009
Status
Not Affected
Vendor Statement
The Cisco PSIRT has been investigating and has not found any vulnerable products. If we determine that any of our products are vulnerable, information will be available at: http://www.cisco.com/go/psirt/. Please direct any questions to psirt@cisco.com.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Vendor References
None
Addendum
Access control lists can be configured to mitigate this vulnerability. The below ACLs limit access allow a proxy server to only connect make outbound connections to TCP port 80.
access-list 111 permit tcp [ip address of proxy] any eq 80
access-list 112 permit tcp any any gt 1023 established
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.