Lucene search
CertccCVE-2012-2566HistoryJun 09, 2012 - 12:55 a.m.
CVE-2012-2566
2012-06-0900:55:01
CWE-264
certcc
web.nvd.nist.gov
28
cve-2012-2566
bloxx web filtering
x-forwarded-for headers
access control
logging
https
remote attackers
ip address restrictions
domain restrictions
log entries
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.9
Confidence
Low
EPSS
0.005
Percentile
75.7%
Bloxx Web Filtering before 5.0.14 does not properly interpret X-Forwarded-For headers during access-control and logging operations for HTTPS connection attempts, which allows remote attackers to bypass intended IP address and domain restrictions, and trigger misleading log entries, via a crafted header.
Affected configurations
Node
bloxxweb_filteringRange≤5.0.13
| Vendor | Product | Version | CPE |
|---|---|---|---|
| bloxx | web_filtering | * | cpe:2.3:a:bloxx:web_filtering:*:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2012-2566
2012-06-09 00:55:01
cvelist
cvelist
CVE-2012-2566
2012-06-09 00:00:00
prion
prion
Design/Logic Flaw
2012-06-09 00:55:00
cert
cert
Bloxx Web Filtering multiple vulnerabilities
2012-05-29 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.9
Confidence
Low
EPSS
0.005
Percentile
75.7%
Related for CVE-2012-2566