Kerio Information for VU#150227

HTTP proxy default configurations allow arbitrary TCP connections



Vendor Statement

WinRoute Pro customers are in 99% of cases using NAT for Internet access, therefore making it impossible to connect to the proxy server through external interfaces and thus exploit CONNECT method. Cusomers that are not using NAT but are using (or have enabled) the proxy component, should create appropriate packet filtering rules. The reasonable rule would be to filter incoming external TCP traffic on port 3128, where by default the proxy server listens.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.