CVE Vulnerabilities

CVE-2009-0801

Published: Mar 04, 2009 | Modified: Jun 18, 2009
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5.4 MEDIUM
AV:N/AC:H/Au:N/C:C/I:N/A:N
RedHat/V2
1.8 LOW
AV:A/AC:H/Au:N/C:N/I:P/A:N
RedHat/V3
Ubuntu

Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

Affected Software

Name Vendor Start Version End Version
Squid_web_proxy_cache Squid 2.7 2.7
Squid_web_proxy_cache Squid 2.7.stable5 2.7.stable5
Squid_web_proxy_cache Squid 2.7.stable6 2.7.stable6
Squid_web_proxy_cache Squid 3.0 3.0
Squid_web_proxy_cache Squid 3.0_pre1 3.0_pre1
Squid_web_proxy_cache Squid 3.0_pre2 3.0_pre2
Squid_web_proxy_cache Squid 3.0_pre3 3.0_pre3
Squid_web_proxy_cache Squid 3.0_stable1 3.0_stable1
Squid_web_proxy_cache Squid 3.0_stable2 3.0_stable2
Squid_web_proxy_cache Squid 3.0_stable3 3.0_stable3
Squid_web_proxy_cache Squid 3.0_stable4 3.0_stable4
Squid_web_proxy_cache Squid 3.0_stable5 3.0_stable5
Squid_web_proxy_cache Squid 3.0_stable6 3.0_stable6
Squid_web_proxy_cache Squid 3.0_stable7 3.0_stable7
Squid_web_proxy_cache Squid 3.0_stable12 3.0_stable12
Squid_web_proxy_cache Squid 3.0_stable13 3.0_stable13
Squid Ubuntu dapper *
Squid Ubuntu gutsy *
Squid Ubuntu hardy *
Squid Ubuntu intrepid *
Squid Ubuntu jaunty *
Squid Ubuntu karmic *
Squid Ubuntu lucid *
Squid Ubuntu maverick *
Squid Ubuntu natty *
Squid Ubuntu oneiric *
Squid3 Ubuntu devel *
Squid3 Ubuntu gutsy *
Squid3 Ubuntu hardy *
Squid3 Ubuntu intrepid *
Squid3 Ubuntu jaunty *
Squid3 Ubuntu karmic *
Squid3 Ubuntu lucid *
Squid3 Ubuntu maverick *
Squid3 Ubuntu natty *
Squid3 Ubuntu oneiric *
Squid3 Ubuntu precise *
Squid3 Ubuntu quantal *
Squid3 Ubuntu raring *

References