Title: Microsoft IE5 WPAD Spoofing Vulnerability
Severity: MODERATE
Description:
IE5's automatic proxy configuration feature, WPAD, (Web Proxy Auto-Discovery) can be fooled into using or attempting to use a non-authorized server as a proxy server. An attacker on a different network could use this to read web traffic from the IE5 client.
IE5 will search for a WPAD server by looking for machines named wpad.x.x.x in the current domain. If none is found, it will proceed up the domain name structure, until it gets to the third-level domain name.
For example, IE5 running on host a.b.c.d.net would first look for wpad.b.c.d.net, then wpad.c.d.net, then wpad.d.net.
In certain network configurations, the third-level domain is not neccessarily a trusted part of the network, and an attacker could set up a server to cause IE5 clients to use a hostile machine as proxy.
Affected Products:
- Microsoft Internet Explorer 5.0 for Windows 2000
- Microsoft Internet Explorer 5.0 for Windows 95
- Microsoft Internet Explorer 5.0 for Windows 98
- Microsoft Internet Explorer 5.0 for Windows NT 4.0
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
References:
- Internet Engineering Task Force: Web Proxy Auto-Discovery Protocol Internet Draft
- Microsoft: Frequently Asked Questions: Microsoft Security Bulletin (MS00-033)
- Microsoft: Frequently Asked Questions: Microsoft Security Bulletin MS99-054
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
