Description
The default configuration of the config.http.tunnel.allow_ports option on NetCache devices is set to +all, which allows remote attackers to connect to arbitrary ports on remote systems behind the device.
Products
- Network Appliance NetCache C1100
- Network Appliance NetCache C3100
- Network Appliance NetCache C6100
- Network Appliance NetCache C700
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2001-1087, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2001-1087 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References