Cisco vulnerabilities by product, model, software, and advisory.
Transparent Cache Engine and Content Engine TCP Relay Vulnerability
cisco-sa-20020515-transparent-cache-tcp-relay · NA · Published · Updated
Cisco Cache Engines and Content Engines provide a transparent cache for world wide web pages retrieved via HTTP. These products also can be configured to transparently intercept requests to proxy servers supporting various protocols such as HTTPS. The default configuration of the proxy feature can be abused to open a TCP connection to any reachable destination IP address and hide the true IP source address of the connection. This behavior has been implicated in a variety of undesirable and possibly illegal activities such as transmitting unsolicited commercial e-mail, unauthorized network scanning, and denial of service attacks. There are two vulnerabilities that may cause this problem. The vulnerability for the HTTP proxy can be resolved by upgrading the code to a fixed version. The vulnerability for the HTTPS proxy can be resolved in the field by changing the configuration of the affected device. Fixed versions of the software have been modified to provide a more secure configuration by default. This advisory is available at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20020515-transparent-cache-tcp-relay .