CVE-2009-1211
Summary
| CVE | CVE-2009-1211 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2009-04-01 10:30:00 UTC |
| Updated | 2013-10-07 16:17:00 UTC |
| Description | Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. |
Risk And Classification
Problem Types: CWE-16
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Bluecoat | Proxysg | All | All | All | All |
| Hardware | Bluecoat | Proxysg | All | All | All | All |
| Hardware | Bluecoat | Proxysg Sg210-10 | - | - | acceleration | All |
| Hardware | Bluecoat | Proxysg Sg210-10 | - | - | full_proxy | All |
| Hardware | Bluecoat | Proxysg Sg210-10 | - | - | acceleration | All |
| Hardware | Bluecoat | Proxysg Sg210-10 | - | - | full_proxy | All |
| Hardware | Bluecoat | Proxysg Sg210-25 | - | - | acceleration | All |
| Hardware | Bluecoat | Proxysg Sg210-25 | - | - | full_proxy | All |
| Hardware | Bluecoat | Proxysg Sg210-25 | - | - | acceleration | All |
| Hardware | Bluecoat | Proxysg Sg210-25 | - | - | full_proxy | All |
| Hardware | Bluecoat | Proxysg Sg210-5 | - | - | acceleration | All |
| Hardware | Bluecoat | Proxysg Sg210-5 | - | - | full_proxy | All |
| Hardware | Bluecoat | Proxysg Sg210-5 | - | - | acceleration | All |
| Hardware | Bluecoat | Proxysg Sg210-5 | - | - | full_proxy | All |
| Hardware | Bluecoat | Proxysg Sg510-10 | - | - | acceleration | All |
| Hardware | Bluecoat | Proxysg Sg510-10 | - | - | full_proxy | All |
| Hardware | Bluecoat | Proxysg Sg510-10 | - | - | acceleration | All |
| Hardware | Bluecoat | Proxysg Sg510-10 | - | - | full_proxy | All |
| Hardware | Bluecoat | Proxysg Sg510-20 | - | - | acceleration | All |
| Hardware | Bluecoat | Proxysg Sg510-20 | - | - | full_proxy | All |
| Hardware | Bluecoat | Proxysg Sg510-20 | - | - | acceleration | All |
| Hardware | Bluecoat | Proxysg Sg510-20 | - | - | full_proxy | All |
| Hardware | Bluecoat | Proxysg Sg510-25 | - | - | acceleration | All |
| Hardware | Bluecoat | Proxysg Sg510-25 | - | - | full_proxy | All |
| Hardware | Bluecoat | Proxysg Sg510-25 | - | - | acceleration | All |
| Hardware | Bluecoat | Proxysg Sg510-25 | - | - | full_proxy | All |
| Hardware | Bluecoat | Proxysg Sg510-5 | - | - | full_proxy | All |
| Hardware | Bluecoat | Proxysg Sg510-5 | - | - | full_proxy | All |
| Hardware | Bluecoat | Proxysg Sg810-10 | - | - | acceleration | All |
| Hardware | Bluecoat | Proxysg Sg810-10 | - | - | full_proxy | All |
| Hardware | Bluecoat | Proxysg Sg810-10 | - | - | acceleration | All |
| Hardware | Bluecoat | Proxysg Sg810-10 | - | - | full_proxy | All |
| Hardware | Bluecoat | Proxysg Sg810-20 | - | - | acceleration | All |
| Hardware | Bluecoat | Proxysg Sg810-20 | - | - | full_proxy | All |
| Hardware | Bluecoat | Proxysg Sg810-20 | - | - | acceleration | All |
| Hardware | Bluecoat | Proxysg Sg810-20 | - | - | full_proxy | All |
| Hardware | Bluecoat | Proxysg Sg810-25 | - | - | acceleration | All |
| Hardware | Bluecoat | Proxysg Sg810-25 | - | - | full_proxy | All |
| Hardware | Bluecoat | Proxysg Sg810-25 | - | - | acceleration | All |
| Hardware | Bluecoat | Proxysg Sg810-25 | - | - | full_proxy | All |
| Hardware | Bluecoat | Proxysg Sg810-5 | - | - | full_proxy | All |
| Hardware | Bluecoat | Proxysg Sg810-5 | - | - | full_proxy | All |
| Hardware | Bluecoat | Proxysg Sg9000-10 | - | - | acceleration | All |
| Hardware | Bluecoat | Proxysg Sg9000-10 | - | - | full_proxy | All |
| Hardware | Bluecoat | Proxysg Sg9000-10 | - | - | acceleration | All |
| Hardware | Bluecoat | Proxysg Sg9000-10 | - | - | full_proxy | All |
| Hardware | Bluecoat | Proxysg Sg9000-20 | - | - | acceleration | All |
| Hardware | Bluecoat | Proxysg Sg9000-20 | - | - | full_proxy | All |
| Hardware | Bluecoat | Proxysg Sg9000-20 | - | - | acceleration | All |
| Hardware | Bluecoat | Proxysg Sg9000-20 | - | - | full_proxy | All |
| Hardware | Bluecoat | Proxysg Sg9000-5 | - | - | acceleration | All |
| Hardware | Bluecoat | Proxysg Sg9000-5 | - | - | full_proxy | All |
| Hardware | Bluecoat | Proxysg Sg9000-5 | - | - | acceleration | All |
| Hardware | Bluecoat | Proxysg Sg9000-5 | - | - | full_proxy | All |
| Application | Bluecoat | Proxysg Va-10 | All | All | All | All |
| Application | Bluecoat | Proxysg Va-10 | All | All | All | All |
| Application | Bluecoat | Proxysg Va-15 | All | All | All | All |
| Application | Bluecoat | Proxysg Va-15 | All | All | All | All |
| Application | Bluecoat | Proxysg Va-20 | All | All | All | All |
| Application | Bluecoat | Proxysg Va-20 | All | All | All | All |
| Application | Bluecoat | Proxysg Va-5 | All | All | All | All |
| Application | Bluecoat | Proxysg Va-5 | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Blue Coat ProxySG Host Header Processing May Let Remote Users Bypass Security Restrictions - SecurityTracker | SECTRACK | www.securitytracker.com | |
| hypersonic.bluecoat.com/support/securityadvisories/ProxySG_in_transparent_deployments | CONFIRM | hypersonic.bluecoat.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.