Something wierd has happened since yesterday. My client's internal network scan has come up with 18 out of 20 servers showing the following 3 vulerabilities:
Unauthenticated/Open Web Proxy Detected port 80/tcp
3 HTTP Proxy Supports non-HTTP Protocols port 80/tcp
3 CONNECT Method Allowed in HTTP Server Or HTTP Proxy Server Vulnerability port 80/tcp
The funny thing is that none of these servers are setup as proxy servers and on the last 2 scans these vulerabilities never popped up.
Also, a couple of servers also showed the following:
Squid Proxy Header Parsing Remote Denial of Service
CVE ID: CVE-2009-2855
Vendor Reference: 2541
Bugtraq ID: 36091
Service Modified: 09/01/2009
When there is definitely no Squid Proxy anywhere in the network.
Am I the only person experiencing this? Can anyone shed some light on the situation?