Skip to content

Commit 570c454

Browse files
committed
add: AVE-1999-0979
1 parent 5c559da commit 570c454

1 file changed

Lines changed: 30 additions & 0 deletions

File tree

vulns/1999/AVE-1999-0979.toml

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
[basic]
2+
description = "WinGate 是一款 Windows 平台常用的代理服务器软件,默认配置下其 SOCKS(TCP 1080)、HTTP(TCP 80)及 Telnet(TCP 23)等代理服务可能监听在 0.0.0.0 即所有网络接口上,导致公网任意主机均可连接并使用该代理服务转发流量。远程攻击者可将暴露的 WinGate 服务器用作开放代理中继,从而隐藏攻击来源、转发垃圾邮件或扫描内网资源。此条目属于安全配置不当问题而非软件代码缺陷,影响 WinGate 全版本默认部署场景。"
3+
published = "1999-01-01"
4+
remediation = "在 WinGate GateKeeper 管理控制台中设置绑定策略,将 HTTP/SOCKS/Telnet 代理服务的监听地址限制为内网 IP,禁止绑定 0.0.0.0;同时配置客户端访问规则,只允许授权 IP 段使用代理服务。如无法通过配置限制,建议在边界防火墙上阻断外部对 TCP 1080/80/23 等端口的入站访问。"
5+
score = 5.0
6+
severity = "MEDIUM"
7+
sources = [
8+
"cve",
9+
"avd",
10+
]
11+
title = "Deerfield WinGate 开放代理配置不当漏洞"
12+
updated = "2026-06-16"
13+
14+
[exploit]
15+
exp_urls = []
16+
poc_urls = []
17+
18+
[id]
19+
aliases = ["CVE-1999-0657"]
20+
ave_id = "AVE-1999-0979"
21+
22+
[meta]
23+
collected_at = "2026-07-14T00:00:00Z"
24+
status = "completed"
25+
26+
[references]
27+
urls = [
28+
"https://www.cve.org/CVERecord?id=CVE-1999-0657",
29+
"https://nvd.nist.gov/vuln/detail/CVE-1999-0657",
30+
]

0 commit comments

Comments
 (0)