Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2009-0801

Опубликовано: 04 мар. 2009
Источник: nvd
CVSS2: 5.4
EPSS Низкий

Описание

Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:squid:squid_web_proxy_cache:2.7:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid_web_proxy_cache:2.7.stable5:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid_web_proxy_cache:2.7.stable6:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid_web_proxy_cache:3.0:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid_web_proxy_cache:3.0_pre1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid_web_proxy_cache:3.0_pre2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid_web_proxy_cache:3.0_pre3:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid_web_proxy_cache:3.0_stable1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid_web_proxy_cache:3.0_stable2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid_web_proxy_cache:3.0_stable3:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid_web_proxy_cache:3.0_stable4:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid_web_proxy_cache:3.0_stable5:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid_web_proxy_cache:3.0_stable6:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid_web_proxy_cache:3.0_stable7:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid_web_proxy_cache:3.0_stable12:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid_web_proxy_cache:3.0_stable13:*:*:*:*:*:*:*

EPSS

Процентиль: 10%
0.00036
Низкий

5.4 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

ubuntu логотип

CVE-2009-0801

ubuntu
почти 17 лет назад

Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

redhat логотип

CVE-2009-0801

redhat
почти 17 лет назад

Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

debian логотип

CVE-2009-0801

debian
почти 17 лет назад

Squid, when transparent interception mode is enabled, uses the HTTP Ho ...

github логотип

GHSA-w87g-c2c7-4fx5

github
больше 3 лет назад

Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

EPSS

Процентиль: 10%
0.00036
Низкий

5.4 Medium

CVSS2

Дефекты

CWE-264