Vulnerability Description
HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks a 127.0.0.1 proxydeny entry, allows remote attackers to send proxy HTTP requests to the Sambar Server's administrative interface and external web servers, by making a "Connection: keep-alive" request before the proxy requests.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sambar | Sambar Server | 5.0 |
References
- http://archives.neohapsis.com/archives/bugtraq/2004-04/0353.html (Vendor Advisory)
- http://secunia.com/advisories/9578 (Vendor Advisory)
- http://securitytracker.com/id?1007819 (Patch)
- http://www.idefense.com/application/poi/display?id=103&type=vulnerabilities&flas (Vendor Advisory)
- http://www.sambar.com/security.htm (Vendor Advisory)
- http://www.securityfocus.com/bid/10256 (Exploit, Patch)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16054
FAQ
What is CVE-2003-1286?
CVE-2003-1286 is a vulnerability with a CVSS score of 7.5 (HIGH). HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks a 127.0.0.1 proxydeny entry, allows remote attackers to send proxy HTTP requests to the Sambar Server's administrative interface ...
How severe is CVE-2003-1286?
CVE-2003-1286 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-1286?
Check the references section above for vendor advisories and patch information. Affected products include: Sambar Sambar Server.