Lucene search

K
cve[email protected]CVE-2009-0801
HistoryMar 04, 2009 - 4:30 p.m.

CVE-2009-0801

2009-03-0416:30:00
CWE-264
web.nvd.nist.gov
31
squid
transparent interception
access controls bypass
http host header
remote endpoint

8.4 High

AI Score

Confidence

High

5.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:C/I:N/A:N

0.002 Low

EPSS

Percentile

51.5%

Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

8.4 High

AI Score

Confidence

High

5.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:C/I:N/A:N

0.002 Low

EPSS

Percentile

51.5%

Related for CVE-2009-0801