An attacker can send a specially-crafted request to access the victim’s system via proxy. There is also a possibility for remote code execution. Artica Proxy versions 4.30.22, 4.30.21, 4.30.20, 4.30.19, 4.30.18, 4.30.17, 4.30.16, 4.30.15, 4.30.14, 4.30.13, 4.30.12, 4.30.11, 4.30.10, 4.30.9, 4.30.8, 4.30.7, 4.30.6, 4.30.5, 4.30.4, 4.30.3, 4.30.2, 4.30.1, 4.30, 4.30.0, 4.30.0-RC1, 4.30.0-RC2, and 4.30.0-RC3 are vulnerable. Artica Proxy versions 4.30.7 and 4.30.6 are not vulnerable. Artica Proxy versions 4.30.0 and 4.30.0-RC3 are not vulnerable. Artica Proxy versions 4.30.0-RC2 and 4.30.0-RC1 are not vulnerable. Artica Proxy versions 4.30.0, 4.30.0-RC3, and 4.30.0-RC2
Overview
There is a vulnerability in Artica Proxy that can be exploited via malicious requests. An attacker can send a specially-crafted request to access the victim’s system via proxy. There is also a possibility for remote code execution.
Artica Proxy versions 4.30.22, 4.30.21, 4.30.20, 4.30.19, 4.30.18, 4.30.17, 4.30.16, 4.30.15, 4.30.14, 4.30.13, and 4.30.12 are vulnerable to CVE-2022-37153, while versions 4.30.11, 4.30.10, 4.30.9, and 4.30.8 are not vulnerable.
How to check if you are vulnerable?
You can check to see if you're vulnerable by running the following command:
curl -I https://
Check vulnerable servers for Artica Proxy version verification
If you are running Artica Proxy, check to see if your proxy is vulnerable by entering the following in a terminal:
curl -I http://api.artica.com/v4/servers
You should get an output like the following:
"HTTP/1.0 200 OK"
Artica Proxy versions 4.30.6 and earlier are vulnerable. Versions 4.30.7 and later are not vulnerable to CVE-2022-37153 because they lack the code that can be used to exploit the issue.
Vulnerability Scenario
Artica Proxy versions 4.30.8, 4.30.7, and 4.30.6 are not vulnerable to CVE-2022-37153.
Timeline
Published on: 08/24/2022 13:15:00 UTC
Last modified on: 08/26/2022 04:49:00 UTC