5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
67.4%
DISPUTED Squid 3.1.9 allows remote attackers to bypass the access
configuration for the CONNECT method by providing an arbitrary allowed
hostname in the Host HTTP header. NOTE: this issue might not be
reproducible, because the researcher is unable to provide a squid.conf file
for a vulnerable system, and the observed behavior is consistent with a
squid.conf file that was (perhaps inadvertently) designed to allow access
based on a “req_header Host” acl regex that matches www.uol.com.br.
Author | Note |
---|---|
mdeslaur | Need to check, see reproducer in original post |
sbeattie | dropping to low, as it requires a specific configuration using Host header filtering also, upstream does not have a fix for this. |
seth-arnold | still unable to find a configuration that could demonstrate the problem; as of 2013-01-28, no fix from upstream either. |
mdeslaur | Disputed, so ignored. |
archives.neohapsis.com/archives/bugtraq/2012-04/0117.html
archives.neohapsis.com/archives/bugtraq/2012-04/0131.html
archives.neohapsis.com/archives/bugtraq/2012-04/0140.html
archives.neohapsis.com/archives/bugtraq/2012-04/0146.html
archives.neohapsis.com/archives/bugtraq/2012-04/0163.html
archives.neohapsis.com/archives/bugtraq/2012-04/0165.html
launchpad.net/bugs/cve/CVE-2012-2213
nvd.nist.gov/vuln/detail/CVE-2012-2213
security-tracker.debian.org/tracker/CVE-2012-2213
www.cve.org/CVERecord?id=CVE-2012-2213