Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2009-0801
HistoryOct 03, 2022 - 4:24 p.m.

CVE-2009-0801

2022-10-0316:24:12
CWE-264
[email protected]
web.nvd.nist.gov
40
squid
transparent interception
access controls bypass
http host header
remote endpoint

5.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:C/I:N/A:N

8.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.6%

JSON

Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

Affected configurations

NVD
Node
squidsquid_web_proxy_cacheMatch2.7
OR
squidsquid_web_proxy_cacheMatch2.7.stable5
OR
squidsquid_web_proxy_cacheMatch2.7.stable6
OR
squidsquid_web_proxy_cacheMatch3.0
OR
squidsquid_web_proxy_cacheMatch3.0_pre1
OR
squidsquid_web_proxy_cacheMatch3.0_pre2
OR
squidsquid_web_proxy_cacheMatch3.0_pre3
OR
squidsquid_web_proxy_cacheMatch3.0_stable1
OR
squidsquid_web_proxy_cacheMatch3.0_stable2
OR
squidsquid_web_proxy_cacheMatch3.0_stable3
OR
squidsquid_web_proxy_cacheMatch3.0_stable4
OR
squidsquid_web_proxy_cacheMatch3.0_stable5
OR
squidsquid_web_proxy_cacheMatch3.0_stable6
OR
squidsquid_web_proxy_cacheMatch3.0_stable7
OR
squidsquid_web_proxy_cacheMatch3.0_stable12
OR
squidsquid_web_proxy_cacheMatch3.0_stable13

Related

prion 1
debiancve 1
ubuntucve 1
cvelist 1
nvd 1
redhatcve 1
mageia 1
openvas 7
nessus 13
gentoo 1
redhat 2
centos 2
prion
prion
Design/Logic Flaw
2009-03-04 16:30:00
debiancve
debiancve
CVE-2009-0801
2022-10-03 16:24:12
ubuntucve
ubuntucve
CVE-2009-0801
2009-03-04 00:00:00
cvelist
cvelist
CVE-2009-0801
2022-10-03 16:24:12
nvd
nvd
CVE-2009-0801
2009-03-04 16:30:00
redhatcve
redhatcve
CVE-2016-4553
2016-05-09 09:18:41
mageia
mageia
Updated squid packages fix security vulnerability
2016-05-11 22:27:24
openvas
openvas
Mageia: Security Advisory (MGASA-2016-0171)
2022-01-28 00:00:00
Gentoo Security Advisory GLSA 201309-22
2015-09-29 00:00:00
CentOS Update for squid CESA-2016:1139 centos7
2016-06-03 00:00:00
nessus
nessus
RHEL 4 : squid (Unpatched Vulnerability)
2024-06-03 00:00:00
GLSA-201309-22 : Squid: Multiple vulnerabilities
2013-09-28 00:00:00
Oracle Linux 6 : squid34 (ELSA-2016-1140)
2016-06-01 00:00:00
gentoo
gentoo
Squid: Multiple vulnerabilities
2013-09-27 00:00:00
redhat
redhat
(RHSA-2016:1139) Moderate: squid security update
2016-05-31 04:53:29
(RHSA-2016:1140) Moderate: squid34 security update
2016-05-31 04:53:36
centos
centos
squid security update
2016-05-31 11:59:06
squid34 security update
2016-05-31 10:58:08

5.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:C/I:N/A:N

8.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.6%

JSON
Related for CVE-2009-0801
prion1debiancve1ubuntucve1cvelist1nvd1redhatcve1mageia1openvas7nessus13gentoo1redhat2centos2