Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-2729 — Security Linux vulnerability

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

2.0%

top 16.50%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Astaro Security Linux

Timeline

PublishedAug 30

Latest updateMay 1

Description

The HTTP proxy in Astaro Security Linux 6.0 does not properly filter HTTP CONNECT requests to localhost, which allows remote attackers to bypass firewall rules and connect to local services.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDastaro/security_linux6.001

🔴Vulnerability Details

GHSA

GHSA-qmpg-vp4x-46v9: The HTTP proxy in Astaro Security Linux 6↗2022-05-01

▶

CVEList

CVE-2005-2729: The HTTP proxy in Astaro Security Linux 6↗2005-08-29

▶

💥Exploits & PoCs

Exploit-DB

Astaro Security Linux 6.0 01 - HTTP CONNECT Unauthorized Access↗2005-08-25

▶