5.4

CVE-2009-0801

EPSS 0.04%
Veröffentlicht 04.03.2009 16:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Squid ≫ Squid Web Proxy Cache Version2.7

Squid ≫ Squid Web Proxy Cache Version2.7.stable5

Squid ≫ Squid Web Proxy Cache Version2.7.stable6

Squid ≫ Squid Web Proxy Cache Version3.0

Squid ≫ Squid Web Proxy Cache Version3.0_pre1

Squid ≫ Squid Web Proxy Cache Version3.0_pre2

Squid ≫ Squid Web Proxy Cache Version3.0_pre3

Squid ≫ Squid Web Proxy Cache Version3.0_stable1

Squid ≫ Squid Web Proxy Cache Version3.0_stable2

Squid ≫ Squid Web Proxy Cache Version3.0_stable3

Squid ≫ Squid Web Proxy Cache Version3.0_stable4

Squid ≫ Squid Web Proxy Cache Version3.0_stable5

Squid ≫ Squid Web Proxy Cache Version3.0_stable6

Squid ≫ Squid Web Proxy Cache Version3.0_stable7

Squid ≫ Squid Web Proxy Cache Version3.0_stable12

Squid ≫ Squid Web Proxy Cache Version3.0_stable13

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.089

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	4.9	6.9	AV:N/AC:H/Au:N/C:C/I:N/A:N

http://www.kb.cert.org/vuls/id/435052

Third Party Advisory

US Government Resource

http://www.securityfocus.com/bid/33858

https://nvd.nist.gov/vuln/detail/CVE-2009-0801

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-0801

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-0801

EUVD