Details of VAR-200106-0139

ID

VAR-200106-0139

CVE

CVE-2001-0483

TITLE

Raptor Firewall HTTP Request Proxying Vulnerability

Trust: 0.9

sources: BID: 2517 // CNNVD: CNNVD-200106-096

DESCRIPTION

Configuration error in Axent Raptor Firewall 6.5 allows remote attackers to use the firewall as a proxy to access internal web resources when the http.noproxy Rule is not set. Raptor Firewall is a product distributed and maintained by Axent Technologies, Inc. Raptor is an Enterprise-level firewall, providing a mixture of features and performance. A problem in the software package could allow intruders access to private web resources. By using the nearest interface of the firewall as a proxy, it is possible to access a system connected to the other interface of the firewall within TCP ports 79-99, and 200-65535. The firewall will only permit connections to the other side on ports in this range, excluding port 80, and using HTTP. This affects firewall rules that permit HTTP traffic. Therefore, it is possible for a malicious user to access internal web assets, and potentially gain access to sensitive information. Axent Raptor firewall version 6.5 has a misconfiguration

Trust: 1.26

sources: NVD: CVE-2001-0483 // BID: 2517 // VULHUB: VHN-3301

AFFECTED PRODUCTS

vendor:	symantec	model:	raptor firewall	scope:	eq	version:	6.5	Trust: 1.6
vendor:	axent	model:	raptor	scope:	eq	version:	6.5	Trust: 0.3

sources: BID: 2517 // CNNVD: CNNVD-200106-096 // NVD: CVE-2001-0483

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-0483
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200106-096
value:	HIGH
Trust: 0.6
VULHUB:	VHN-3301
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2001-0483
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-3301
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-3301 // CNNVD: CNNVD-200106-096 // NVD: CVE-2001-0483

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0483

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200106-096

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200106-096

EXTERNAL IDS

db:	NVD	id:	CVE-2001-0483	Trust: 2.0
db:	BID	id:	2517	Trust: 2.0
db:	CNNVD	id:	CNNVD-200106-096	Trust: 0.7
db:	BUGTRAQ	id:	20010324 RAPTOR 6.5 HTTP VULNERABILITY	Trust: 0.6
db:	BUGTRAQ	id:	20010327 RE: RAPTOR 6.5 HTTP VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-3301	Trust: 0.1

sources: VULHUB: VHN-3301 // BID: 2517 // CNNVD: CNNVD-200106-096 // NVD: CVE-2001-0483

REFERENCES

url:	http://www.securityfocus.com/bid/2517	Trust: 1.7
url:	http://archives.neohapsis.com/archives/bugtraq/2001-03/0359.html	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/171953	Trust: 1.7

sources: VULHUB: VHN-3301 // CNNVD: CNNVD-200106-096 // NVD: CVE-2001-0483

CREDITS

This vulnerability was discovered by Benny Amorsen <benny_amorsen@hp.com> and Christian E. Lysel <chlys@wmdata.com> on August 29, 2000, and was announced via Bugtraq on March 24, 2001.

Trust: 0.9

sources: BID: 2517 // CNNVD: CNNVD-200106-096

SOURCES

db:	VULHUB	id:	VHN-3301
db:	BID	id:	2517
db:	CNNVD	id:	CNNVD-200106-096
db:	NVD	id:	CVE-2001-0483

LAST UPDATE DATE

2024-08-14T13:40:46.118000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-3301	date:	2008-09-05T00:00:00
db:	BID	id:	2517	date:	2009-07-11T06:06:00
db:	CNNVD	id:	CNNVD-200106-096	date:	2006-08-22T00:00:00
db:	NVD	id:	CVE-2001-0483	date:	2008-09-05T20:24:13.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-3301	date:	2001-06-18T00:00:00
db:	BID	id:	2517	date:	2001-03-24T00:00:00
db:	CNNVD	id:	CNNVD-200106-096	date:	2001-06-18T00:00:00
db:	NVD	id:	CVE-2001-0483	date:	2001-06-18T04:00:00