漏洞类别:Web server漏洞等级: 
漏洞信息
NT Mail Server can be configured as a proxy server, as well as a Web configuration server. By default, each function is assigned a port. The configuration function uses port 8000 and the proxy function uses port 8080. If a separate proxy server is being utilized with security restrictions in place, then it's possible to disable the proxy function of the NTMail server, forcing users to go through the restricted proxy server. However, unauthorized users could reconfigure their proxy setup to point to NTMail on port 8000, redirecting them to the Internet with no restrictions.
漏洞危害
By exploiting this vulnerability, unauthorized remote users can use this host as an unrestricted proxy, bypassing local security restrictions.
解决方案
Filter port 8000 on this host. Patch -
There are no vendor supplied patches available at this time. Check NTmailserver.com for updates.
0day
文章评论