Trend Micro Information for VU#150227

HTTP proxy default configurations allow arbitrary TCP connections



Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC tested InterScan VirusWall 3.52 on Windows 2000 and found it to be vulnerable. InterScan VirusWall can be used with a separate HTTP proxy service that may be able to block connections that use the HTTP CONNECT method. Web VirusWall for Windows NT requires a separate HTTP proxy service.

This issue has been addressed in InterScan VirusWall for UNIX:

See also: