5.4

CVE-2009-0801

EPSS 0.04%
Published 04.03.2009 16:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

Affected products Warnungen 0 Metrics 2 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

Squid ≫ Squid Web Proxy Cache Version2.7

Squid ≫ Squid Web Proxy Cache Version2.7.stable5

Squid ≫ Squid Web Proxy Cache Version2.7.stable6

Squid ≫ Squid Web Proxy Cache Version3.0

Squid ≫ Squid Web Proxy Cache Version3.0_pre1

Squid ≫ Squid Web Proxy Cache Version3.0_pre2

Squid ≫ Squid Web Proxy Cache Version3.0_pre3

Squid ≫ Squid Web Proxy Cache Version3.0_stable1

Squid ≫ Squid Web Proxy Cache Version3.0_stable2

Squid ≫ Squid Web Proxy Cache Version3.0_stable3

Squid ≫ Squid Web Proxy Cache Version3.0_stable4

Squid ≫ Squid Web Proxy Cache Version3.0_stable5

Squid ≫ Squid Web Proxy Cache Version3.0_stable6

Squid ≫ Squid Web Proxy Cache Version3.0_stable7

Squid ≫ Squid Web Proxy Cache Version3.0_stable12

Squid ≫ Squid Web Proxy Cache Version3.0_stable13

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.089

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.4	4.9	6.9	AV:N/AC:H/Au:N/C:C/I:N/A:N

http://www.kb.cert.org/vuls/id/435052

Third Party Advisory

US Government Resource

http://www.securityfocus.com/bid/33858

https://nvd.nist.gov/vuln/detail/CVE-2009-0801

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-0801

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-0801

EUVD