Vulnerability Development mailing list archives
Re: Proxy bypass in Opera : security related ?
From: Valdis.Kletnieks () vt edu
Date: Wed, 05 Dec 2001 15:20:13 -0500
On Wed, 05 Dec 2001 10:22:45 +0100, Nicolas Gregoire <ngregoire () exaprobe com> said:
I haven't any really interesting scenario for this bug. Yes, it's possible to make a user follow a link and get a page without using the configured proxy, but if, in a company, there's a proxy and a way to fetch web pages without using the proxy, the problem is, in my opinion, a security policy problem .... Does anybody see any security implication for this bug ?
Yes, that's a problem. A malicious webpage can force you to not use (for example) a Junkbuster proxy that you're using to filter your requests. So a malicious page can do things that *should* have been filtered out by your proxy - and that's a security implication. -- Valdis Kletnieks Operating Systems Analyst Virginia Tech
Attachment:
_bin
Description:
Current thread:
- Proxy bypass in Opera : security related ? Nicolas Gregoire (Dec 05)
- Re: Proxy bypass in Opera : security related ? maillist (Dec 05)
- RE: Proxy bypass in Opera : security related ? Darren W. MacDonald (Dec 05)
- Re: Proxy bypass in Opera : security related ? Valdis . Kletnieks (Dec 05)
- Re: Proxy bypass in Opera : security related ? maillist (Dec 05)