HTTP Proxy in Sambar Server prior to 6.0 beta 6, when security.ini lacks a 127.0.0.1 proxydeny entry, allows remote malicious users to send proxy HTTP requests to the Sambar Server's administrative interface and external web servers, by making a "Connection: keep-alive" request before the proxy requests.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sambar sambar server 5.0 |
||
sambar sambar server 5.1 |
||
sambar sambar server 6.0 |
||
sambar sambar server 5.2 |
||
sambar sambar server 5.3 |