5.4

CVE-2009-0802

Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

Data is provided by the National Vulnerability Database (NVD)
QbikWingate Version6.0.0
QbikWingate Version6.0.1_build_993
QbikWingate Version6.0.1_build_995
QbikWingate Version6.0.2_build_1000
QbikWingate Version6.0.2_build_1001
QbikWingate Version6.0.3_build_1005
QbikWingate Version6.1
QbikWingate Version6.1.1.1077
QbikWingate Version6.1.2
QbikWingate Version6.1.3
QbikWingate Version6.1.4
QbikWingate Version6.2
QbikWingate Version6.2.1
QbikWingate Version6.2.2
QbikWingate Version6.5.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.11% 0.294
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.4 4.9 6.9
AV:N/AC:H/Au:N/C:C/I:N/A:N
http://www.kb.cert.org/vuls/id/435052
Third Party Advisory
US Government Resource