CVE-2004-0326 - Buffer Overrun vulnerability in Proxy-Pro Professional Gatekeeper 4.7

CVSS 10.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Tags: network, low complexity, proxy-pro, critical, exploit available, metasploit

Summary

Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote attackers to execute arbitrary code via a long GET request.

Vulnerable Configurations

Part         Description  Count
Application  Proxy-Pro    1

Exploit-Db

  • description: GateKeeper Pro 4.7 web proxy Remote Buffer Overflow Exploit. CVE-2004-0326. Remote exploit for windows platform
    id: EDB-ID:155
    last seen: 2016-01-31
    modified: 2004-02-26
    published: 2004-02-26
    reporter: kralor
    source: https://www.exploit-db.com/download/155/
    title: GateKeeper Pro 4.7 Web proxy Remote Buffer Overflow Exploit
  • description: Proxy-Pro Professional GateKeeper 4.7 Web Proxy Buffer Overrun Vulnerability. CVE-2004-0326. Remote exploit for windows platform
    id: EDB-ID:23741
    last seen: 2016-02-02
    modified: 2004-02-23
    published: 2004-02-23
    reporter: kralor
    source: https://www.exploit-db.com/download/23741/
    title: Proxy-Pro Professional GateKeeper 4.7 Web Proxy Buffer Overrun Vulnerability
  • description: Proxy-Pro Professional GateKeeper 4.7 GET Request Overflow. CVE-2004-0326. Remote exploit for windows platform
    id: EDB-ID:16692
    last seen: 2016-02-02
    modified: 2010-09-20
    published: 2010-09-20
    reporter: metasploit
    source: https://www.exploit-db.com/download/16692/
    title: Proxy-Pro Professional GateKeeper 4.7 GET Request Overflow

Metasploit

description: This module exploits a stack buffer overflow in Proxy-Pro Professional GateKeeper 4.7. By sending a long HTTP GET to the default port of 3128, a remote attacker could overflow a buffer and execute arbitrary code.
id: MSF:EXPLOIT/WINDOWS/PROXY/PROXYPRO_HTTP_GET
last seen: 2020-03-11
modified: 2017-07-24
published: 2006-09-13
references: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0326
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/proxy/proxypro_http_get.rb
title: Proxy-Pro Professional GateKeeper 4.7 GET Request Overflow

Packetstorm

data source: https://packetstormsecurity.com/files/download/82930/proxypro_http_get.rb.txt
id: PACKETSTORM:82930
last seen: 2016-12-05
published: 2009-10-30
reporter: MC
source: https://packetstormsecurity.com/files/82930/Proxy-Pro-Professional-GateKeeper-4.7-GET-Request-Overflow.html
title: Proxy-Pro Professional GateKeeper 4.7 GET Request Overflow