Vulnerabilities > CVE-2003-1286 - Open Proxy Authentication Bypass vulnerability in Sambar
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks a 127.0.0.1 proxydeny entry, allows remote attackers to send proxy HTTP requests to the Sambar Server's administrative interface and external web servers, by making a "Connection: keep-alive" request before the proxy requests.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 20 |
Exploit-Db
| description | Sambar 5.x Open Proxy and Authentication Bypass Vulnerability. CVE-2003-1286. Remote exploit for windows platform |
| id | EDB-ID:24076 |
| last seen | 2016-02-02 |
| modified | 2003-01-30 |
| published | 2003-01-30 |
| reporter | David Endler |
| source | https://www.exploit-db.com/download/24076/ |
| title | Sambar 5.x Open Proxy and Authentication Bypass Vulnerability |
References
- http://archives.neohapsis.com/archives/bugtraq/2004-04/0353.html
- http://secunia.com/advisories/9578
- http://securitytracker.com/id?1007819
- http://www.idefense.com/application/poi/display?id=103&type=vulnerabilities&flashstatus=true
- http://www.sambar.com/security.htm
- http://www.securityfocus.com/bid/10256
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16054