CVE-2009-0802

Published: Mar 4, 2009Modified: Apr 23, 2026

5.4

Vector

AV:N/AC:H/Au:N/C:C/I:N/A:N

Exploitability: 4.9 / Impact: 6.9

Source: NVD

Description

Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

Affected (15)

Products: Qbik: Wingate

Qbik

1 product

Wingate

Configuration A

15 vulnerable

Vulnerable Software	Affected Versions
Qbik Wingate	Version 6.0.0
Qbik Wingate	Version 6.0.1_build_993
Qbik Wingate	Version 6.0.1_build_995
Qbik Wingate	Version 6.0.2_build_1000
Qbik Wingate	Version 6.0.2_build_1001
Qbik Wingate	Version 6.0.3_build_1005
Qbik Wingate	Version 6.1.1.1077
Qbik Wingate	Version 6.1.2
Qbik Wingate	Version 6.1.3
Qbik Wingate	Version 6.1.4
Qbik Wingate	Version 6.1
Qbik Wingate	Version 6.2.1
Qbik Wingate	Version 6.2.2
Qbik Wingate	Version 6.2
Qbik Wingate	Version 6.5.2

Related CWEs

CWE-264

References (4)

http://www.kb.cert.org/vuls/id/435052

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/33858

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/435052

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/33858

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.