A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /http_proxies/test_connection, when supplied with the http_proxies variable set to localhost, the attacker can fetch the localhost banner.
This Cyber News was published on www.tenable.com. Publication date: Fri, 20 Dec 2024 20:56:02 +0000