CVE-2009-1211
Published Apr 1, 2009
Last updated 11 years ago
Overview
- Description
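- Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. The underlying problem is that the Host header is client-supplied data: in transparent mode the client never addresses the proxy explicitly, so the header can disagree with the destination address of the intercepted connection, and a forwarding or policy decision keyed on the header alone is made on a value the requesting page can influence.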
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5.8
- Impact score
- 4.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-16 (Configuration)
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:bluecoat:proxysg_va-10:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52A8FDA3-E3E4-407D-9FB3-091A59EA50D4" }, { "criteria": "cpe:2.3:a:bluecoat:proxysg_va-15:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "124C54BF-B511-47FF-96A4-7B2DCDDDA2FB" }, { "criteria": "cpe:2.3:a:bluecoat:proxysg_va-20:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A95C5F84-3FDE-441A-9DF3-CAAEFBFF9A24" }, { "criteria": "cpe:2.3:a:bluecoat:proxysg_va-5:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C59FA09-5E58-4741-B591-FA71C5E95AC7" }, { "criteria": "cpe:2.3:h:bluecoat:proxysg:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B6CFEC9-0F8F-4CD4-ABD1-E6533F910F7F" }, { "criteria": "cpe:2.3:h:bluecoat:proxysg_sg210-10:-:-:acceleration:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E11536F-7CFA-41C8-9826-945B6D3606A9" }, { "criteria": "cpe:2.3:h:bluecoat:proxysg_sg210-10:-:-:full_proxy:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C162E145-9C08-4763-A5E4-0D383B18380A" }, { "criteria": "cpe:2.3:h:bluecoat:proxysg_sg210-25:-:-:acceleration:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E2D3EE0-8C28-4338-BB55-3942868AEBD5" }, { "criteria": "cpe:2.3:h:bluecoat:proxysg_sg210-25:-:-:full_proxy:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A8518E8-575C-42E4-844E-479448E0358A" }, { "criteria": "cpe:2.3:h:bluecoat:proxysg_sg210-5:-:-:acceleration:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "650EF456-4DF5-42B4-BEC5-76F351461DAD" }, { "criteria": "cpe:2.3:h:bluecoat:proxysg_sg210-5:-:-:full_proxy:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41104737-2E55-47DE-B29F-F88B07956601" }, { "criteria": "cpe:2.3:h:bluecoat:proxysg_sg510-10:-:-:acceleration:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64AC1648-94E7-4C2F-8D28-906DD3C9E9C9" }, { "criteria": "cpe:2.3:h:bluecoat:proxysg_sg510-10:-:-:full_proxy:*:*:*:*:*", "vulnerable": true, 
"matchCriteriaId": "B3ABD5B1-3CD8-4361-9933-A99C5BCAEC53" }, { "criteria": "cpe:2.3:h:bluecoat:proxysg_sg510-20:-:-:acceleration:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A63F6BE1-3705-41F8-83F2-14262C1A8513" }, { "criteria": "cpe:2.3:h:bluecoat:proxysg_sg510-20:-:-:full_proxy:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33C50C6D-42FD-47E2-811D-69673144601B" }, { "criteria": "cpe:2.3:h:bluecoat:proxysg_sg510-25:-:-:acceleration:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F61A3FE-A7A2-42B8-BE15-A5904F68C2EB" }, { "criteria": "cpe:2.3:h:bluecoat:proxysg_sg510-25:-:-:full_proxy:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "053096B7-C691-430B-8EAF-FF8DF0ED3626" }, { "criteria": "cpe:2.3:h:bluecoat:proxysg_sg510-5:-:-:full_proxy:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CC9C212-03B8-4D1D-8E66-1CAE9066D3A5" }, { "criteria": "cpe:2.3:h:bluecoat:proxysg_sg810-10:-:-:acceleration:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "844E3782-018D-4CBB-B4E1-B60D713851D3" }, { "criteria": "cpe:2.3:h:bluecoat:proxysg_sg810-10:-:-:full_proxy:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3711A175-0F97-4B8D-991B-EE05C6927D35" }, { "criteria": "cpe:2.3:h:bluecoat:proxysg_sg810-20:-:-:acceleration:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25BA7C9D-3E26-4F1B-9C8A-DF864D3F8F91" }, { "criteria": "cpe:2.3:h:bluecoat:proxysg_sg810-20:-:-:full_proxy:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFC4B7BB-804A-4628-9829-369A37BB7C33" }, { "criteria": "cpe:2.3:h:bluecoat:proxysg_sg810-25:-:-:acceleration:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "147F05C5-8148-4448-9A27-6A8093E4D501" }, { "criteria": "cpe:2.3:h:bluecoat:proxysg_sg810-25:-:-:full_proxy:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB590391-1E89-4585-95B7-C77C3FA127C8" }, { "criteria": "cpe:2.3:h:bluecoat:proxysg_sg810-5:-:-:full_proxy:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "066A03FA-CEDF-4C8A-A445-521C9E6E954E" }, { "criteria": 
"cpe:2.3:h:bluecoat:proxysg_sg9000-10:-:-:acceleration:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9858A0D-3368-407A-8438-14EB8BA0F096" }, { "criteria": "cpe:2.3:h:bluecoat:proxysg_sg9000-10:-:-:full_proxy:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAF352C1-3CA1-4CE4-9067-9819BA327F6F" }, { "criteria": "cpe:2.3:h:bluecoat:proxysg_sg9000-20:-:-:acceleration:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3EB21AA-B393-42F6-8945-E8EF1EF81C1C" }, { "criteria": "cpe:2.3:h:bluecoat:proxysg_sg9000-20:-:-:full_proxy:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2A29D44-8A16-4F5A-9907-85D1F0EC13CC" }, { "criteria": "cpe:2.3:h:bluecoat:proxysg_sg9000-5:-:-:acceleration:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EDF8810-4C81-49E8-B4AA-2B87B5D6C953" }, { "criteria": "cpe:2.3:h:bluecoat:proxysg_sg9000-5:-:-:full_proxy:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5259AF1-EBB5-4083-BF78-2DB7C075E298" } ], "operator": "OR" } ] } ]