Lots of HTTP proxy services use insecure default settings. This could lead to an attacker comprising your system or an third party. Letting an attacker tunnel HTTPS through SSL using the HTTP CONNECT method. By default proxy services listen on all network interfaces and allow HTTP CONNECT method tunnels to any TCP port. If possible, configure your HTTP proxy services to check the application layer contents of HTTP CONNECT methods or apply a patch, or upgrade from your vendor.
------------------------------------------------------------------------------------------------------------------------ http://www.kb.cert.org/vuls/id/150227
Greetz to all Antionline Members and Addicts