Vulnerability: Cicsco Cache Engine and Content Engine

Cisco has advised of a vulnerability in Cisco Cache Engines and Content Engines.

These Engines provide a transparent cache for world wide web pages retrieved via HTTP. These products also can be configured to transparently intercept requests to proxy servers supporting various protocols such as HTTPS.

The default configuration of the proxy feature can be abused to open a TCP connection to any reachable destination IP address and hide the true IP source address of the connection. This behavior has been implicated in a variety of undesirable and possibly illegal activities such as transmitting unsolicited commercial e-mail, unauthorized network scanning, and denial of service attacks.

This vulnerability can be resolved in the field by changing the configuration of the affected device. Fixed versions of the software have been modified to provide a more secure configuration by default.

For more details, go to:http://www.cisco.com/warp/public/707/transparentcache-tcp-relay-vuln-pub.shtml

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments