Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » CacheFlow CacheOS HTTP CONNECT TCP Tunnel Vulnerability

CacheFlow CacheOS HTTP CONNECT TCP Tunnel Vulnerability

by Nikola Strahija on February 23rd, 2002 CacheOS includes support for the HTTP CONNECT method, which can be used to tunnel arbitrary TCP connections through a HTTP request. This method is documented in detail in RFC 2817, where it is used to build up a generic mechanism for implementing Transit Layer Security (TLS) over HTTP.


It has been reported that CacheFlow proxies allow access to arbitrary machines and ports within the internal network through the use of a CONNECT request for the internal system. Upon recieving a CONNECT request, the CacheFlow server acts as a TCP proxy, tunneling the conversation. This can be used to launch attacks against internal machines or to, for example, use an internal mail server as an open relay.

Remote: Yes

Exploit: No exploit is required.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »