Menlo Security web proxy vulnerable to intentionally malformed client requests

CVE ID

CVE-2023-29476

Description

Due to a misconfiguration, the Menlo Security web proxy can be bypassed by manipulating web request headers.

Tested Versions

2.87

Details

The Menlo Security web proxy primarily functions as a secure web gateway designed to protect users and organizations from web-based threats.

Timeline

  • 2023-03-14 - Vendor Disclosure
  • 2024-12-13 - Public Release

Credit

Discovered by Tan Inn Fung of GovTech CSG.