CVE-2009-0804

EPSS 0.27%
Published 04.03.2009 16:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

Affected products Warnungen 0 Metrics 2 CWE 0 References 6

Data is provided by the National Vulnerability Database (NVD)

Ziproxy ≫ Ziproxy Version2.6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.27%	0.474

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.4	4.9	6.9	AV:N/AC:H/Au:N/C:C/I:N/A:N

http://www.kb.cert.org/vuls/id/435052

Third Party Advisory

US Government Resource

http://www.securityfocus.com/bid/33858

http://www.kb.cert.org/vuls/id/MAPG-7N9GN8

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2009-0804

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-0804

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-0804

EUVD