CVE-2009-0804 - CERT CVE
ID CVE-2009-0804
Sažetak Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
Reference
CVSS
Base: 5.4
Impact: 6.9
Exploitability:4.9
Pristup
VektorSloženostAutentikacija
NETWORK HIGH NONE
Impact
PovjerljivostCjelovitostDostupnost
COMPLETE NONE NONE
CVSS vektor AV:N/AC:H/Au:N/C:C/I:N/A:N
Zadnje važnije ažuriranje 18-06-2009 - 04:00
Objavljeno 04-03-2009 - 16:30