WebWasher Information for VU#150227

HTTP proxy default configurations allow arbitrary TCP connections



Vendor Statement

This problem has been fixed with the newest releases of WebWasher EE.
General Availability (GA) release: WebWasher Proxy 3.4.1 Build 175
First Customer Shipment (FCS) release: WebWasher 4.0.0 Build 177

We fixed the problem end of July [2002] and that all version we released since contain this fix.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.