Lucene search

[email protected]CVE-2009-0803

HistoryOct 03, 2022 - 4:24 p.m.

CVE-2009-0803

2022-10-0316:24:11

CWE-264

[email protected]

web.nvd.nist.gov

smoothwall

smoothguardian

access controls

bypass

security vulnerability

http host header

remote endpoint

5.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:C/I:N/A:N

7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.2%

JSON

SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

Affected configurations

NVD

Node

smoothwallnetworkguardianMatch2008

smoothwallschoolguardianMatch2008

smoothwallsmoothguardianMatch2008

CPENameOperatorVersion
smoothwall:networkguardiansmoothwall networkguardianeq2008
smoothwall:schoolguardiansmoothwall schoolguardianeq2008
smoothwall:smoothguardiansmoothwall smoothguardianeq2008

CPE	Name	Operator	Version
smoothwall:networkguardian	smoothwall networkguardian	eq	2008
smoothwall:schoolguardian	smoothwall schoolguardian	eq	2008
smoothwall:smoothguardian	smoothwall smoothguardian	eq	2008

References

www.kb.cert.org/vuls/id/435052

www.kb.cert.org/vuls/id/MAPG-7M6SM7

www.securityfocus.com/bid/33858

5.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:C/I:N/A:N

7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.2%

JSON

Related for CVE-2009-0803

nvd1 prion1 cvelist1