CVE-2022-37153 An issue was discovered in Artica Proxy 4.30.000000

An attacker can send a specially-crafted request to access the victim’s system via proxy. There is also a possibility for remote code execution. Artica Proxy versions 4.30.22, 4.30.21, 4.30.20, 4.30.19, 4.30.18, 4.30.17, 4.30.16, 4.30.15, 4.30.14, 4.30.13, 4.30.12, 4.30.11, 4.30.10, 4.30.9, 4.30.8, 4.30.7, 4.30.6, 4.30.5, 4.30.4, 4.30.3, 4.30.2, 4.30.1, 4.30, 4.30.0, 4.30.0-RC1, 4.30.0-RC2, and 4.30.0-RC3 are vulnerable. Artica Proxy versions 4.30.7 and 4.30.6 are not vulnerable. Artica Proxy versions 4.30.0 and 4.30.0-RC3 are not vulnerable. Artica Proxy versions 4.30.0-RC2 and 4.30.0-RC1 are not vulnerable. Artica Proxy versions 4.30.0, 4.30.0-RC3, and 4.30.0-RC2

Overview

There is a vulnerability in Artica Proxy that can be exploited via malicious requests. An attacker can send a specially-crafted request to access the victim’s system via proxy. There is also a possibility for remote code execution.
Artica Proxy versions 4.30.22, 4.30.21, 4.30.20, 4.30.19, 4.30.18, 4.30.17, 4.30.16, 4.30.15, 4.30.14, 4.30 13, and 4 . 30 12 are vulnerable to CVE-2022-37153 while versions 4 . 30 11 ,4 . 30 10 ,4 . 30 9 , and4 . 30 8 are not vulnerable to this vulnerability

How to check if you are vulnerable?

You can check to see if you're vulnerable by running the following command:
curl -I https://

Check vulnerable servers for Artica Proxy version verification

If you are running Artica Proxy, check to see if your proxy is vulnerable by entering the following in a terminal:
curl -I http://api.artica.com/v4/servers
You should get an output like the following:
"HTTP/1.0 200 OK"

Artica Proxy version 4.30.7 and later versions are not vulnerable. Artica Proxy versions 4.30.6 and earlier versions are vulnerable, but 4.30.7 and later versions are not vulnerable to the CVE-2022-37153 vulnerability because they lack the code that can be used to exploit the issue.

Vulnerability Scenario

Artica Proxy versions 4.30.8, 4.30.7, and 4.30.6 are not vulnerable to CVE-2022-37153

Timeline

Published on: 08/24/2022 13:15:00 UTC
Last modified on: 08/26/2022 04:49:00 UTC

References

• https://github.com/Fjowel/CVE-2022-37153
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37153