CVE-2009-0803
Summary
| CVE | CVE-2009-0803 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2009-03-04 16:30:00 UTC |
| Updated | 2009-06-18 04:00:00 UTC |
| Description | SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. |
Risk And Classification
Problem Types: CWE-264
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Smoothwall | Networkguardian | 2008 | All | All | All |
| Application | Smoothwall | Networkguardian | 2008 | All | All | All |
| Application | Smoothwall | Schoolguardian | 2008 | All | All | All |
| Application | Smoothwall | Schoolguardian | 2008 | All | All | All |
| Application | Smoothwall | Smoothguardian | 2008 | All | All | All |
| Application | Smoothwall | Smoothguardian | 2008 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SmoothWall Information for VU#435052 | CONFIRM | www.kb.cert.org | US Government Resource |
| Multiple HTTP Proxy HTTP Host Header Incorrect Relay Behavior Vulnerability | BID | www.securityfocus.com | Vendor Advisory |
| US-CERT Vulnerability Note VU#435052 | CERT-VN | www.kb.cert.org | US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.