CVE-2009-0803

Published Mar 4, 2009

Last updated 15 years ago

Overview

Description: SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.4
Impact score: 6.9
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:C/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-264

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:smoothwall:networkguardian:2008:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "125A7E97-7498-4F4B-BF57-72216059F299"
          },
          {
            "criteria": "cpe:2.3:a:smoothwall:schoolguardian:2008:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "056B0BD8-F842-4844-8954-FE1CFC92C6BD"
          },
          {
            "criteria": "cpe:2.3:a:smoothwall:smoothguardian:2008:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4285E19-02DA-4A75-BE6F-F46769FD8A0A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References