CVE-2009-0801

Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | NIST | 5.4 UNKNOWN | NETWORK | HIGH | | AV:N/AC:H/Au:N/C:C/I:N/A:N
mitre | CNA | --- | ---
CVE | ADP | --- | ---
EPSS Score
Percentile: 6%
Vendor | Product | Version
squid | squid_web_proxy_cache | 2.7
squid | squid_web_proxy_cache | 2.7.stable5:stable5
squid | squid_web_proxy_cache | 2.7.stable6:stable6
squid | squid_web_proxy_cache | 3.0
squid | squid_web_proxy_cache | 3.0_pre1:_pre1
squid | squid_web_proxy_cache | 3.0_pre2:_pre2
squid | squid_web_proxy_cache | 3.0_pre3:_pre3
squid | squid_web_proxy_cache | 3.0_stable1:_stable1
squid | squid_web_proxy_cache | 3.0_stable2:_stable2
squid | squid_web_proxy_cache | 3.0_stable3:_stable3
squid | squid_web_proxy_cache | 3.0_stable4:_stable4
squid | squid_web_proxy_cache | 3.0_stable5:_stable5
squid | squid_web_proxy_cache | 3.0_stable6:_stable6
squid | squid_web_proxy_cache | 3.0_stable7:_stable7
squid | squid_web_proxy_cache | 3.0_stable12:_stable12
squid | squid_web_proxy_cache | 3.0_stable13:_stable13
𝑥 = Vulnerable software versions
Debian Releases
Debian Product | Codename | Version | Status
squid | bullseye (security) | 4.13-10+deb11u3 | fixed
squid | bullseye | 4.13-10+deb11u3 | fixed
squid | bookworm | 5.7-2+deb12u2 | fixed
squid | bookworm (security) | 5.7-2+deb12u2 | fixed
squid | sid | 6.12-1 | fixed
squid | trixie | 6.12-1 | fixed
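Ubuntu Releases
Ubuntu Product | Codename | Status
squid | raring | dne
squid | quantal | dne
squid | precise | dne
squid | oneiric | ignored
squid | natty | ignored
squid | maverick | ignored
squid | lucid | ignored
squid | karmic | ignored
squid | jaunty | ignored
squid | intrepid | ignored
squid | hardy | ignored
squid | gutsy | ignored
squid | dapper | ignored
squid3 | raring | ignored
squid3 | quantal | ignored
squid3 | precise | ignored
squid3 | oneiric | ignored
squid3 | natty | ignored
squid3 | maverick | ignored
squid3 | lucid | ignored
squid3 | karmic | ignored
squid3 | jaunty | ignored
squid3 | intrepid | ignored
squid3 | hardy | ignored
squid3 | gutsy | ignored
squid3 | dapper | dne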
Common Weakness Enumeration