Hi All,
Something weird has happened since yesterday. My client's internal network scan has come up with 18 out of 20 servers showing the following 3 vulnerabilities:
Unauthenticated/Open Web Proxy Detected port 80/tcp
QID: 62002
Category: Proxy
3 HTTP Proxy Supports non-HTTP Protocols port 80/tcp
QID: 62003
Category: Proxy
3 CONNECT Method Allowed in HTTP Server Or HTTP Proxy Server Vulnerability port 80/tcp
QID: 62026
Category: Proxy
The funny thing is that none of these servers are set up as proxy servers and on the last 2 scans these vulnerabilities never popped up.
Also, a couple of servers showed the following:
Squid Proxy Header Parsing Remote Denial of Service
QID: 62066
Category: Proxy
CVE ID: CVE-2009-2855
Vendor Reference: 2541
Bugtraq ID: 36091
Service Modified: 09/01/2009
When there is definitely no Squid Proxy anywhere in the network.
Am I the only person experiencing this? Can anyone shed some light on the situation?
TIA,
Steve.N
Check what is running on that port with a command like:
# Show the process listening on TCP port 80 (run as root so lsof can see every process)
ps -fp "$(lsof -t -iTCP:80 -sTCP:LISTEN | head -1)"
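
Once the process on port 80 is identified, the CONNECT finding (QID 62026) can be confirmed or ruled out by hand on one of the flagged servers. The script below is an added example, not part of the thread and not the scanner's own test: it sends a single CONNECT request and classifies the reply. The function names and the default target `example.com:443` are assumptions.

```python
import socket
import sys


def classify_connect_reply(raw: bytes) -> str:
    """Classify the first bytes a server returned for a CONNECT request."""
    line = raw.split(b"\r\n", 1)[0].decode("ascii", "replace").strip()
    parts = line.split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return "not-http"             # whatever owns the port is not speaking HTTP
    status = int(parts[1])
    if 200 <= status < 300:
        return "tunnel-open"          # a 2xx answer to CONNECT means a tunnel was set up
    if status == 407:
        return "proxy-auth-required"  # a proxy is present but demands credentials
    return "refused"                  # 400/403/405/501 etc.: CONNECT is not honoured


def probe_connect(host: str, port: int = 80,
                  target: str = "example.com:443", timeout: float = 5.0) -> str:
    """Send one CONNECT request to host:port and classify the reply.

    `target` is a placeholder destination (assumption); use one your network allows.
    """
    request = f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(request)
            raw = sock.recv(4096)
    except OSError:                   # refused, timed out, unreachable
        return "no-answer"
    return classify_connect_reply(raw) if raw else "no-answer"


if __name__ == "__main__":
    # Usage: python3 probe_connect.py <server-flagged-by-the-scan>
    print(probe_connect(sys.argv[1]))
```

A result of `refused` on a server the scan flagged suggests the finding is not reproducible from where you ran the check; `tunnel-open` means something on the path really is proxying and is worth tracing.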