Can I get a breif description of the packet flow/injected to perform to detect ( CVE-2011-3389 | QID: 62026 HTTP Server Allows CONNECT Method ).
QID 62026 detection is for a different issue than CVE-2011-3389. QID 62026 detects a misconfiguration of a web server or a proxy that allows outside entities to use the CONNECT method to connect to other resources.
To detect this vulnerability we connect to the target and send CONNECT command. If the target replies with a 2xx return code then we consider it vulnerable.
Please let me know if you need more information.
Thank you so much. I already tested it and was able to inject the CONNECT traffic to confirm
telnet <IP1> <port>
CONNECT <ip1:port> HTTP/1.1
thank you again for your time.
CONNECT Method Allowed in HTTP Server Or HTTP Proxy Server Vulnerability is reporting on Citrix Xenapp server 6.5 for port number 443, could you please provide the suggestions how to fix it? it would be a great help for me if get the solution.
Qualys result column showing as below.
CONNECT xx.xx.xxx.xxx:443 HTTP/1.1Host: xx.xx.xxx.xxx#
Retrieving data ...