vendor: BadBlue Personal Edition
by: SecurityFocus
CVSS: 7.5 HIGH
Proxy Abuse
CWE: 284
Product Name: BadBlue Personal Edition
Affected Version From: 2.5
Affected Version To: 2.5
Patch Exists: YES
Related CWE: N/A
CPE: a:badblue:badblue_personal_edition
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

BadBlue Personal Edition Pass Thru Function Proxy Abuse Vulnerability

BadBlue is prone to a vulnerability that may let the application be abused as a proxy. This vulnerability presents itself due to the 'Pass Thru' function allowing the server to be used as a proxy. This could be exploited by malicious parties to obfuscate their identities and bypass network access controls and firewalls.

Mitigation:

Users should upgrade to the latest version of BadBlue Personal Edition.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11030/info

BadBlue Personal Edition versions 2.5 and prior are reportedly affected by this issue. 

http://www.example.com/ext.dll?mfcisapicommand=PassThru&url=[Any IP:Any Port]/[Any Command]
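
For detection, the request shape above can be searched for in web server access logs. The following is an added example, not part of the advisory or of BadBlue: it assumes Common Log Format, assumes the parameter names and the command value are matched case-insensitively, and runs on constructed sample lines.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in Common Log Format (not from the advisory).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2000:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 512
192.0.2.44 - - [01/Jan/2000:10:00:07 +0000] "GET /ext.dll?mfcisapicommand=PassThru&url=198.51.100.7:25/ HTTP/1.0" 200 90
192.0.2.44 - - [01/Jan/2000:10:00:09 +0000] "GET /EXT.DLL?MfcIsapiCommand=passthru&url=10.0.0.5%3A8080/admin HTTP/1.0" 200 133
192.0.2.10 - - [01/Jan/2000:10:00:12 +0000] "GET /ext.dll?mfcisapicommand=Other&x=1 HTTP/1.0" 200 2048
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+)[^"]*"')
# Destinations that an outside client should not be able to reach through the server.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_internal(host):
    """True if host is a literal IPv4 address in a private or loopback range."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:          # hostname, not an IP literal: cannot classify offline
        return False
    return any(addr in net for net in INTERNAL_NETS)

def find_passthru(log_text):
    """Return (client, destination host:port, internal?) for each PassThru request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.lower().endswith("/ext.dll"):
            continue
        # parse_qs percent-decodes values; keys are lower-cased on the assumption
        # that the server matches parameter names case-insensitively.
        params = {k.lower(): v[0] for k, v in parse_qs(parts.query).items()}
        if params.get("mfcisapicommand", "").lower() != "passthru":
            continue
        dest = re.sub(r"^[a-z][a-z0-9+.-]*://", "", params.get("url", ""), flags=re.I)
        hostport = dest.split("/", 1)[0]
        hits.append((client, hostport, is_internal(hostport.split(":")[0])))
    return hits

if __name__ == "__main__":
    for client, dest, internal in find_passthru(SAMPLE_LOG):
        print(f"{client} -> {dest} internal={internal}")
```

Hits whose destination is flagged internal correspond to the access-control bypass the advisory describes; the remaining hits show the server relaying traffic to outside hosts on a client's behalf.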