6 matches found
EUVD-2009-0801
Malware in sbrugna...
Design/Logic Flaw
SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and...
CVE-2009-0803
SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and...
CVE-2009-0803
CVE-2009-0803 affects SmoothWall SmoothGuardian (used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008). In transparent interception mode, the product uses the HTTP Host header to determine the remote endpoint, allowing a crafted page to cause a client to send HTTP requests with a...
CVE-2009-0803
SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and...
多个HTTP代理HTTP Host头错误中继行为漏洞
BUGTRAQ ID: 33858 RFC 2616中所定义的HTTP Host头规范允许多个站点共享单个IP地址。 透明代理服务器无需用户交互或浏览器配置便拦截并重新定向网络连接,而很多以透明模式运行的代理服务器基于HTTP host-header值判断连接。Flash、Java等浏览器插件可能通过限制与内容所来源的站点或域的通讯对活动内容强制访问控制。攻击者可以通过活动内容来伪造主机头的值,这样以透明模式运行的代理服务器就会基于这个伪造的值来确定连接,因此攻击者可以连接到代理可连接到的任何网站或资源,包括通常不会暴露给Internet的内网资源。 Qbik WinGate 6.x...