CVE-2009-0801

Published: Mar 4, 2009Modified: Apr 23, 2026

5.4

Vector

AV:N/AC:H/Au:N/C:C/I:N/A:N

Exploitability: 4.9 / Impact: 6.9

Source: NVD

Description

Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

Affected (16)

Products: Squid: Squid Web Proxy Cache

Squid

1 product

Squid Web Proxy Cache

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
Squid Squid Web Proxy Cache	Version 2.7.stable5
Squid Squid Web Proxy Cache	Version 2.7.stable6
Squid Squid Web Proxy Cache	Version 2.7
Squid Squid Web Proxy Cache	Version 3.0
Squid Squid Web Proxy Cache	Version 3.0_pre1
Squid Squid Web Proxy Cache	Version 3.0_pre2
Squid Squid Web Proxy Cache	Version 3.0_pre3
Squid Squid Web Proxy Cache	Version 3.0_stable12
Squid Squid Web Proxy Cache	Version 3.0_stable13
Squid Squid Web Proxy Cache	Version 3.0_stable1
Squid Squid Web Proxy Cache	Version 3.0_stable2
Squid Squid Web Proxy Cache	Version 3.0_stable3
Squid Squid Web Proxy Cache	Version 3.0_stable4
Squid Squid Web Proxy Cache	Version 3.0_stable5
Squid Squid Web Proxy Cache	Version 3.0_stable6
Squid Squid Web Proxy Cache	Version 3.0_stable7

Related CWEs

CWE-264

References (4)

http://www.kb.cert.org/vuls/id/435052

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/33858

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/435052

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/33858

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.