Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2009-1211

Опубликовано: 01 апр. 2009
Источник: nvd
CVSS2: 5.8
EPSS Низкий

Описание

Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:bluecoat:proxysg_va-10:*:*:*:*:*:*:*:*
cpe:2.3:a:bluecoat:proxysg_va-15:*:*:*:*:*:*:*:*
cpe:2.3:a:bluecoat:proxysg_va-20:*:*:*:*:*:*:*:*
cpe:2.3:a:bluecoat:proxysg_va-5:*:*:*:*:*:*:*:*
cpe:2.3:h:bluecoat:proxysg:*:*:*:*:*:*:*:*
cpe:2.3:h:bluecoat:proxysg_sg210-10:-:-:acceleration:*:*:*:*:*
cpe:2.3:h:bluecoat:proxysg_sg210-10:-:-:full_proxy:*:*:*:*:*
cpe:2.3:h:bluecoat:proxysg_sg210-25:-:-:acceleration:*:*:*:*:*
cpe:2.3:h:bluecoat:proxysg_sg210-25:-:-:full_proxy:*:*:*:*:*
cpe:2.3:h:bluecoat:proxysg_sg210-5:-:-:acceleration:*:*:*:*:*
cpe:2.3:h:bluecoat:proxysg_sg210-5:-:-:full_proxy:*:*:*:*:*
cpe:2.3:h:bluecoat:proxysg_sg510-10:-:-:acceleration:*:*:*:*:*
cpe:2.3:h:bluecoat:proxysg_sg510-10:-:-:full_proxy:*:*:*:*:*
cpe:2.3:h:bluecoat:proxysg_sg510-20:-:-:acceleration:*:*:*:*:*
cpe:2.3:h:bluecoat:proxysg_sg510-20:-:-:full_proxy:*:*:*:*:*
cpe:2.3:h:bluecoat:proxysg_sg510-25:-:-:acceleration:*:*:*:*:*
cpe:2.3:h:bluecoat:proxysg_sg510-25:-:-:full_proxy:*:*:*:*:*
cpe:2.3:h:bluecoat:proxysg_sg510-5:-:-:full_proxy:*:*:*:*:*
cpe:2.3:h:bluecoat:proxysg_sg810-10:-:-:acceleration:*:*:*:*:*
cpe:2.3:h:bluecoat:proxysg_sg810-10:-:-:full_proxy:*:*:*:*:*
cpe:2.3:h:bluecoat:proxysg_sg810-20:-:-:acceleration:*:*:*:*:*
cpe:2.3:h:bluecoat:proxysg_sg810-20:-:-:full_proxy:*:*:*:*:*
cpe:2.3:h:bluecoat:proxysg_sg810-25:-:-:acceleration:*:*:*:*:*
cpe:2.3:h:bluecoat:proxysg_sg810-25:-:-:full_proxy:*:*:*:*:*
cpe:2.3:h:bluecoat:proxysg_sg810-5:-:-:full_proxy:*:*:*:*:*
cpe:2.3:h:bluecoat:proxysg_sg9000-10:-:-:acceleration:*:*:*:*:*
cpe:2.3:h:bluecoat:proxysg_sg9000-10:-:-:full_proxy:*:*:*:*:*
cpe:2.3:h:bluecoat:proxysg_sg9000-20:-:-:acceleration:*:*:*:*:*
cpe:2.3:h:bluecoat:proxysg_sg9000-20:-:-:full_proxy:*:*:*:*:*
cpe:2.3:h:bluecoat:proxysg_sg9000-5:-:-:acceleration:*:*:*:*:*
cpe:2.3:h:bluecoat:proxysg_sg9000-5:-:-:full_proxy:*:*:*:*:*

EPSS

Процентиль: 40%
0.00185
Низкий

5.8 Medium

CVSS2

Дефекты

CWE-16

Связанные уязвимости

github логотип

GHSA-j749-wjv7-4cf2

github
почти 4 года назад

Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

EPSS

Процентиль: 40%
0.00185
Низкий

5.8 Medium

CVSS2

Дефекты

CWE-16