CVE-2009-0801

EUVD-2009-0799
Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 5.4 UNKNOWN | NETWORK | HIGH | | AV:N/AC:H/Au:N/C:C/I:N/A:N |
EPSS Score
Percentile: 10%
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| squid | squid_web_proxy_cache | 2.7 |
| squid | squid_web_proxy_cache | 2.7.stable5:stable5 |
| squid | squid_web_proxy_cache | 2.7.stable6:stable6 |
| squid | squid_web_proxy_cache | 3.0 |
| squid | squid_web_proxy_cache | 3.0_pre1:_pre1 |
| squid | squid_web_proxy_cache | 3.0_pre2:_pre2 |
| squid | squid_web_proxy_cache | 3.0_pre3:_pre3 |
| squid | squid_web_proxy_cache | 3.0_stable1:_stable1 |
| squid | squid_web_proxy_cache | 3.0_stable2:_stable2 |
| squid | squid_web_proxy_cache | 3.0_stable3:_stable3 |
| squid | squid_web_proxy_cache | 3.0_stable4:_stable4 |
| squid | squid_web_proxy_cache | 3.0_stable5:_stable5 |
| squid | squid_web_proxy_cache | 3.0_stable6:_stable6 |
| squid | squid_web_proxy_cache | 3.0_stable7:_stable7 |
| squid | squid_web_proxy_cache | 3.0_stable12:_stable12 |
| squid | squid_web_proxy_cache | 3.0_stable13:_stable13 |

𝑥 = Vulnerable software versions
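Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| squid | bookworm | 5.7-2+deb12u2 | fixed |
| squid | bookworm (security) | 5.7-2+deb12u2 | fixed |
| squid | bullseye | 4.13-10+deb11u3 | fixed |
| squid | bullseye (security) | 4.13-10+deb11u3 | fixed |
| squid | sid | 6.12-1 | fixed |
| squid | trixie | 6.12-1 | fixed |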
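Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| squid | dapper | ignored |
| squid | gutsy | ignored |
| squid | hardy | ignored |
| squid | intrepid | ignored |
| squid | jaunty | ignored |
| squid | karmic | ignored |
| squid | lucid | ignored |
| squid | maverick | ignored |
| squid | natty | ignored |
| squid | oneiric | ignored |
| squid | precise | dne |
| squid | quantal | dne |
| squid | raring | dne |
| squid3 | dapper | dne |
| squid3 | gutsy | ignored |
| squid3 | hardy | ignored |
| squid3 | intrepid | ignored |
| squid3 | jaunty | ignored |
| squid3 | karmic | ignored |
| squid3 | lucid | ignored |
| squid3 | maverick | ignored |
| squid3 | natty | ignored |
| squid3 | oneiric | ignored |
| squid3 | precise | ignored |
| squid3 | quantal | ignored |
| squid3 | raring | ignored |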
Common Weakness Enumeration