CVE-2009-0804

EPSS 0.27%
Veröffentlicht 04.03.2009 16:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ziproxy ≫ Ziproxy Version2.6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.27%	0.474

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	4.9	6.9	AV:N/AC:H/Au:N/C:C/I:N/A:N

http://www.kb.cert.org/vuls/id/435052

Third Party Advisory

US Government Resource

http://www.securityfocus.com/bid/33858

http://www.kb.cert.org/vuls/id/MAPG-7N9GN8

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2009-0804

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-0804

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-0804

EUVD