AnsweredAssumed Answered

Vulnerability Scan showing proxy vulnerabilities when no proxy servers exist

Question asked by Steven Nguyen on Mar 20, 2014
Latest reply on Aug 14, 2015 by Laurence O'Toole

Hi All,

 

Something wierd has happened since yesterday.  My client's internal network scan has come up with 18 out of 20 servers showing the following 3 vulerabilities:

 

Unauthenticated/Open Web Proxy Detected port 80/tcp

QID: 62002

Category: Proxy

 

3 HTTP Proxy Supports non-HTTP Protocols port 80/tcp

QID: 62003

Category: Proxy

 

3 CONNECT Method Allowed in HTTP Server Or HTTP Proxy Server Vulnerability port 80/tcp

QID: 62026

Category: Proxy

 

The funny thing is that none of these servers are setup as proxy servers and on the last 2 scans these vulerabilities never popped up.

 

Also, a couple of servers also showed the following:

 

Squid Proxy Header Parsing Remote Denial of Service

QID: 62066

Category: Proxy

CVE ID: CVE-2009-2855

Vendor Reference: 2541

Bugtraq ID: 36091

Service Modified: 09/01/2009

 

When there is definitely no Squid Proxy anywhere in the network.

 

Am I the only person experiencing this?  Can anyone shed some light on the situation?

 

TIA,

 

Steve.N

Outcomes