CVE-2009-1211

Published Apr 1, 2009

Last updated 11 years ago

CVSS info 5.8

Overview

Description: Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.8
Impact score: 4.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-16

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:bluecoat:proxysg_va-10:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52A8FDA3-E3E4-407D-9FB3-091A59EA50D4"
          },
          {
            "criteria": "cpe:2.3:a:bluecoat:proxysg_va-15:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "124C54BF-B511-47FF-96A4-7B2DCDDDA2FB"
          },
          {
            "criteria": "cpe:2.3:a:bluecoat:proxysg_va-20:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A95C5F84-3FDE-441A-9DF3-CAAEFBFF9A24"
          },
          {
            "criteria": "cpe:2.3:a:bluecoat:proxysg_va-5:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C59FA09-5E58-4741-B591-FA71C5E95AC7"
          },
          {
            "criteria": "cpe:2.3:h:bluecoat:proxysg:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B6CFEC9-0F8F-4CD4-ABD1-E6533F910F7F"
          },
          {
            "criteria": "cpe:2.3:h:bluecoat:proxysg_sg210-10:-:-:acceleration:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E11536F-7CFA-41C8-9826-945B6D3606A9"
          },
          {
            "criteria": "cpe:2.3:h:bluecoat:proxysg_sg210-10:-:-:full_proxy:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C162E145-9C08-4763-A5E4-0D383B18380A"
          },
          {
            "criteria": "cpe:2.3:h:bluecoat:proxysg_sg210-25:-:-:acceleration:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E2D3EE0-8C28-4338-BB55-3942868AEBD5"
          },
          {
            "criteria": "cpe:2.3:h:bluecoat:proxysg_sg210-25:-:-:full_proxy:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A8518E8-575C-42E4-844E-479448E0358A"
          },
          {
            "criteria": "cpe:2.3:h:bluecoat:proxysg_sg210-5:-:-:acceleration:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "650EF456-4DF5-42B4-BEC5-76F351461DAD"
          },
          {
            "criteria": "cpe:2.3:h:bluecoat:proxysg_sg210-5:-:-:full_proxy:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41104737-2E55-47DE-B29F-F88B07956601"
          },
          {
            "criteria": "cpe:2.3:h:bluecoat:proxysg_sg510-10:-:-:acceleration:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64AC1648-94E7-4C2F-8D28-906DD3C9E9C9"
          },
          {
            "criteria": "cpe:2.3:h:bluecoat:proxysg_sg510-10:-:-:full_proxy:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3ABD5B1-3CD8-4361-9933-A99C5BCAEC53"
          },
          {
            "criteria": "cpe:2.3:h:bluecoat:proxysg_sg510-20:-:-:acceleration:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A63F6BE1-3705-41F8-83F2-14262C1A8513"
          },
          {
            "criteria": "cpe:2.3:h:bluecoat:proxysg_sg510-20:-:-:full_proxy:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33C50C6D-42FD-47E2-811D-69673144601B"
          },
          {
            "criteria": "cpe:2.3:h:bluecoat:proxysg_sg510-25:-:-:acceleration:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F61A3FE-A7A2-42B8-BE15-A5904F68C2EB"
          },
          {
            "criteria": "cpe:2.3:h:bluecoat:proxysg_sg510-25:-:-:full_proxy:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "053096B7-C691-430B-8EAF-FF8DF0ED3626"
          },
          {
            "criteria": "cpe:2.3:h:bluecoat:proxysg_sg510-5:-:-:full_proxy:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CC9C212-03B8-4D1D-8E66-1CAE9066D3A5"
          },
          {
            "criteria": "cpe:2.3:h:bluecoat:proxysg_sg810-10:-:-:acceleration:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "844E3782-018D-4CBB-B4E1-B60D713851D3"
          },
          {
            "criteria": "cpe:2.3:h:bluecoat:proxysg_sg810-10:-:-:full_proxy:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3711A175-0F97-4B8D-991B-EE05C6927D35"
          },
          {
            "criteria": "cpe:2.3:h:bluecoat:proxysg_sg810-20:-:-:acceleration:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25BA7C9D-3E26-4F1B-9C8A-DF864D3F8F91"
          },
          {
            "criteria": "cpe:2.3:h:bluecoat:proxysg_sg810-20:-:-:full_proxy:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DFC4B7BB-804A-4628-9829-369A37BB7C33"
          },
          {
            "criteria": "cpe:2.3:h:bluecoat:proxysg_sg810-25:-:-:acceleration:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "147F05C5-8148-4448-9A27-6A8093E4D501"
          },
          {
            "criteria": "cpe:2.3:h:bluecoat:proxysg_sg810-25:-:-:full_proxy:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB590391-1E89-4585-95B7-C77C3FA127C8"
          },
          {
            "criteria": "cpe:2.3:h:bluecoat:proxysg_sg810-5:-:-:full_proxy:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "066A03FA-CEDF-4C8A-A445-521C9E6E954E"
          },
          {
            "criteria": "cpe:2.3:h:bluecoat:proxysg_sg9000-10:-:-:acceleration:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9858A0D-3368-407A-8438-14EB8BA0F096"
          },
          {
            "criteria": "cpe:2.3:h:bluecoat:proxysg_sg9000-10:-:-:full_proxy:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EAF352C1-3CA1-4CE4-9067-9819BA327F6F"
          },
          {
            "criteria": "cpe:2.3:h:bluecoat:proxysg_sg9000-20:-:-:acceleration:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3EB21AA-B393-42F6-8945-E8EF1EF81C1C"
          },
          {
            "criteria": "cpe:2.3:h:bluecoat:proxysg_sg9000-20:-:-:full_proxy:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2A29D44-8A16-4F5A-9907-85D1F0EC13CC"
          },
          {
            "criteria": "cpe:2.3:h:bluecoat:proxysg_sg9000-5:-:-:acceleration:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2EDF8810-4C81-49E8-B4AA-2B87B5D6C953"
          },
          {
            "criteria": "cpe:2.3:h:bluecoat:proxysg_sg9000-5:-:-:full_proxy:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5259AF1-EBB5-4083-BF78-2DB7C075E298"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References