CVE-2009-0801
NONE EPSS 86.1%
Published Mar 4, 200917y ago · Modified Jun 16, 20262w ago
Published Mar 4, 2009 17y ago
Last Modified Jun 16, 2026 2w ago
Description
Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
Threat Intelligence
EPSS Exploit Probability
86.1% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-264
Affected Products 16
| Vendor | Product | Version | Range |
|---|---|---|---|
| squid | squid_web_proxy_cache | 2.7 | any |
| squid | squid_web_proxy_cache | 2.7.stable5 | any |
| squid | squid_web_proxy_cache | 2.7.stable6 | any |
| squid | squid_web_proxy_cache | 3.0 | any |
| squid | squid_web_proxy_cache | 3.0_pre1 | any |
| squid | squid_web_proxy_cache | 3.0_pre2 | any |
| squid | squid_web_proxy_cache | 3.0_pre3 | any |
| squid | squid_web_proxy_cache | 3.0_stable1 | any |
| squid | squid_web_proxy_cache | 3.0_stable2 | any |
| squid | squid_web_proxy_cache | 3.0_stable3 | any |
| squid | squid_web_proxy_cache | 3.0_stable4 | any |
| squid | squid_web_proxy_cache | 3.0_stable5 | any |
| squid | squid_web_proxy_cache | 3.0_stable6 | any |
| squid | squid_web_proxy_cache | 3.0_stable7 | any |
| squid | squid_web_proxy_cache | 3.0_stable12 | any |
| squid | squid_web_proxy_cache | 3.0_stable13 | any |
References 2
- kb.cert.org http://www.kb.cert.org/vuls/id/435052
- securityfocus.com http://www.securityfocus.com/bid/33858
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.