CVE-2003-1286

Published: 31/12/2003 Updated: 11/07/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

HTTP Proxy in Sambar Server prior to 6.0 beta 6, when security.ini lacks a 127.0.0.1 proxydeny entry, allows remote malicious users to send proxy HTTP requests to the Sambar Server's administrative interface and external web servers, by making a "Connection: keep-alive" request before the proxy requests.

Vulnerable Product

sambar sambar server 5.0

sambar sambar server 5.1

sambar sambar server 6.0

sambar sambar server 5.2

sambar sambar server 5.3

Exploits

source: www.securityfocus.com/bid/10256/info

Sambar improperly validates the IP address of an originating connection and can be used to gain access to the administration interface without authorization. Once the remote attacker has gained access to the administrative interface, further attacks are possible, including privilege escalation and ...