File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ [basic ]
2+ description = " WinGate 是一款 Windows 平台常用的代理服务器软件,默认配置下其 SOCKS(TCP 1080)、HTTP(TCP 80)及 Telnet(TCP 23)等代理服务可能监听在 0.0.0.0 即所有网络接口上,导致公网任意主机均可连接并使用该代理服务转发流量。远程攻击者可将暴露的 WinGate 服务器用作开放代理中继,从而隐藏攻击来源、转发垃圾邮件或扫描内网资源。此条目属于安全配置不当问题而非软件代码缺陷,影响 WinGate 全版本默认部署场景。"
3+ published = " 1999-01-01"
4+ remediation = " 在 WinGate GateKeeper 管理控制台中设置绑定策略,将 HTTP/SOCKS/Telnet 代理服务的监听地址限制为内网 IP,禁止绑定 0.0.0.0;同时配置客户端访问规则,只允许授权 IP 段使用代理服务。如无法通过配置限制,建议在边界防火墙上阻断外部对 TCP 1080/80/23 等端口的入站访问。"
5+ score = 5.0
6+ severity = " MEDIUM"
7+ sources = [
8+ " cve" ,
9+ " avd" ,
10+ ]
11+ title = " Deerfield WinGate 开放代理配置不当漏洞"
12+ updated = " 2026-06-16"
13+
14+ [exploit ]
15+ exp_urls = []
16+ poc_urls = []
17+
18+ [id ]
19+ aliases = [" CVE-1999-0657" ]
20+ ave_id = " AVE-1999-0979"
21+
22+ [meta ]
23+ collected_at = " 2026-07-14T00:00:00Z"
24+ status = " completed"
25+
26+ [references ]
27+ urls = [
28+ " https://www.cve.org/CVERecord?id=CVE-1999-0657" ,
29+ " https://nvd.nist.gov/vuln/detail/CVE-1999-0657" ,
30+ ]
You can’t perform that action at this time.
0 commit comments