Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.8
CVE Id CVE-2009-1211
Last Modified 07 Oct 2013 12:17:36
Published 01 Apr 2009 06:30:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-1211

Summary

Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

Vulnerable Systems

Application

  • Bluecoat Proxysg 3

  • Bluecoat Proxysg 3.2.8.6

  • Bluecoat Proxysg 4

  • Bluecoat Proxysg 4.1.2.1

  • Bluecoat Proxysg 4.2.6

  • Bluecoat Proxysg 4.3.2.3

  • Bluecoat Proxysg 5.1

  • Bluecoat Proxysg 5.1.6.1

  • Bluecoat Proxysg 5.2

  • Bluecoat Proxysg 5.2.2.4

  • Bluecoat Proxysg 5.2.5.2

  • Bluecoat Proxysg 5.3

  • Bluecoat Proxysg 5.3.2.1

  • Bluecoat Proxysg 5.4

  • Bluecoat Proxysg 5.4.1.1

  • Bluecoat Proxysg Va-10

  • Bluecoat Proxysg Va-15

  • Bluecoat Proxysg Va-20

  • Bluecoat Proxysg Va-5


References

CONFIRM - https://hypersonic.bluecoat.com/support/securityadvisories/ProxySG_in_transparent_deployments

SECTRACK - 1021781


Last Updated: 27 May 2016 11:03:14