{"api_version":"1","generated_at":"2026-04-23T08:03:57+00:00","cve":"CVE-2009-1211","urls":{"html":"https://cve.report/CVE-2009-1211","api":"https://cve.report/api/cve/CVE-2009-1211.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2009-1211","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2009-1211"},"summary":{"title":"CVE-2009-1211","description":"Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.","state":"PUBLISHED","assigner":"mitre","published_at":"2009-04-01 10:30:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-16","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5.8","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:P","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"https://hypersonic.bluecoat.com/support/securityadvisories/ProxySG_in_transparent_deployments","name":"https://hypersonic.bluecoat.com/support/securityadvisories/ProxySG_in_transparent_deployments","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1021781","name":"http://www.securitytracker.com/id?1021781","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Blue Coat ProxySG Host Header Processing May Let Remote Users Bypass Security Restrictions - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2009-1211","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-1211","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2009","cve_id":"1211","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bluecoat","cpe5":"proxysg","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1211","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bluecoat","cpe5":"proxysg_sg210-10","cpe6":"-","cpe7":"-","cpe8":"acceleration","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1211","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bluecoat","cpe5":"proxysg_sg210-10","cpe6":"-","cpe7":"-","cpe8":"full_proxy","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1211","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bluecoat","cpe5":"proxysg_sg210-25","cpe6":"-","cpe7":"-","cpe8":"acceleration","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1211","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bluecoat","cpe5":"proxysg_sg210-25","cpe6":"-","cpe7":"-","cpe8":"full_proxy","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1211","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bluecoat","cpe5":"proxysg_sg210-5","cpe6":"-","cpe7":"-","cpe8":"acceleration","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1211","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bluecoat","cpe5":"proxysg_sg210-5","cpe6":"-","cpe7":"-","cpe8":"full_proxy","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1211","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bluecoat","cpe5":"proxysg_sg510-10","cpe6":"-","cpe7":"-","cpe8":"acceleration","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1211","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bluecoat","cpe5":"proxysg_sg510-10","cpe6":"-","cpe7":"-","cpe8":"full_proxy","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1211","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bluecoat","cpe5":"proxysg_sg510-20","cpe6":"-","cpe7":"-","cpe8":"acceleration","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1211","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bluecoat","cpe5":"proxysg_sg510-20","cpe6":"-","cpe7":"-","cpe8":"full_proxy","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1211","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bluecoat","cpe5":"proxysg_sg510-25","cpe6":"-","cpe7":"-","cpe8":"acceleration","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1211","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bluecoat","cpe5":"proxysg_sg510-25","cpe6":"-","cpe7":"-","cpe8":"full_proxy","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1211","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bluecoat","cpe5":"proxysg_sg510-5","cpe6":"-","cpe7":"-","cpe8":"full_proxy","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1211","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bluecoat","cpe5":"proxysg_sg810-10","cpe6":"-","cpe7":"-","cpe8":"acceleration","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1211","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bluecoat","cpe5":"proxysg_sg810-10","cpe6":"-","cpe7":"-","cpe8":"full_proxy","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1211","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bluecoat","cpe5":"proxysg_sg810-20","cpe6":"-","cpe7":"-","cpe8":"acceleration","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1211","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bluecoat","cpe5":"proxysg_sg810-20","cpe6":"-","cpe7":"-","cpe8":"full_proxy","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1211","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bluecoat","cpe5":"proxysg_sg810-25","cpe6":"-","cpe7":"-","cpe8":"acceleration","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1211","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bluecoat","cpe5":"proxysg_sg810-25","cpe6":"-","cpe7":"-","cpe8":"full_proxy","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1211","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bluecoat","cpe5":"proxysg_sg810-5","cpe6":"-","cpe7":"-","cpe8":"full_proxy","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1211","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bluecoat","cpe5":"proxysg_sg9000-10","cpe6":"-","cpe7":"-","cpe8":"acceleration","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1211","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bluecoat","cpe5":"proxysg_sg9000-10","cpe6":"-","cpe7":"-","cpe8":"full_proxy","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1211","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bluecoat","cpe5":"proxysg_sg9000-20","cpe6":"-","cpe7":"-","cpe8":"acceleration","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1211","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bluecoat","cpe5":"proxysg_sg9000-20","cpe6":"-","cpe7":"-","cpe8":"full_proxy","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1211","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bluecoat","cpe5":"proxysg_sg9000-5","cpe6":"-","cpe7":"-","cpe8":"acceleration","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1211","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"bluecoat","cpe5":"proxysg_sg9000-5","cpe6":"-","cpe7":"-","cpe8":"full_proxy","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1211","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bluecoat","cpe5":"proxysg_va-10","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1211","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bluecoat","cpe5":"proxysg_va-15","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1211","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bluecoat","cpe5":"proxysg_va-20","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1211","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bluecoat","cpe5":"proxysg_va-5","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T05:04:49.248Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://hypersonic.bluecoat.com/support/securityadvisories/ProxySG_in_transparent_deployments"},{"name":"1021781","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1021781"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"descriptions":[{"lang":"en","value":"Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2009-04-01T10:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://hypersonic.bluecoat.com/support/securityadvisories/ProxySG_in_transparent_deployments"},{"name":"1021781","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1021781"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2009-1211","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://hypersonic.bluecoat.com/support/securityadvisories/ProxySG_in_transparent_deployments","refsource":"CONFIRM","url":"https://hypersonic.bluecoat.com/support/securityadvisories/ProxySG_in_transparent_deployments"},{"name":"1021781","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1021781"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2009-1211","datePublished":"2009-04-01T10:00:00.000Z","dateReserved":"2009-03-31T00:00:00.000Z","dateUpdated":"2024-09-17T04:09:14.663Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2009-04-01 10:30:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-16","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:P","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bluecoat:proxysg_va-10:*:*:*:*:*:*:*:*","matchCriteriaId":"52A8FDA3-E3E4-407D-9FB3-091A59EA50D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:bluecoat:proxysg_va-15:*:*:*:*:*:*:*:*","matchCriteriaId":"124C54BF-B511-47FF-96A4-7B2DCDDDA2FB"},{"vulnerable":true,"criteria":"cpe:2.3:a:bluecoat:proxysg_va-20:*:*:*:*:*:*:*:*","matchCriteriaId":"A95C5F84-3FDE-441A-9DF3-CAAEFBFF9A24"},{"vulnerable":true,"criteria":"cpe:2.3:a:bluecoat:proxysg_va-5:*:*:*:*:*:*:*:*","matchCriteriaId":"8C59FA09-5E58-4741-B591-FA71C5E95AC7"},{"vulnerable":true,"criteria":"cpe:2.3:h:bluecoat:proxysg:*:*:*:*:*:*:*:*","matchCriteriaId":"1B6CFEC9-0F8F-4CD4-ABD1-E6533F910F7F"},{"vulnerable":true,"criteria":"cpe:2.3:h:bluecoat:proxysg_sg210-10:-:-:acceleration:*:*:*:*:*","matchCriteriaId":"9E11536F-7CFA-41C8-9826-945B6D3606A9"},{"vulnerable":true,"criteria":"cpe:2.3:h:bluecoat:proxysg_sg210-10:-:-:full_proxy:*:*:*:*:*","matchCriteriaId":"C162E145-9C08-4763-A5E4-0D383B18380A"},{"vulnerable":true,"criteria":"cpe:2.3:h:bluecoat:proxysg_sg210-25:-:-:acceleration:*:*:*:*:*","matchCriteriaId":"3E2D3EE0-8C28-4338-BB55-3942868AEBD5"},{"vulnerable":true,"criteria":"cpe:2.3:h:bluecoat:proxysg_sg210-25:-:-:full_proxy:*:*:*:*:*","matchCriteriaId":"2A8518E8-575C-42E4-844E-479448E0358A"},{"vulnerable":true,"criteria":"cpe:2.3:h:bluecoat:proxysg_sg210-5:-:-:acceleration:*:*:*:*:*","matchCriteriaId":"650EF456-4DF5-42B4-BEC5-76F351461DAD"},{"vulnerable":true,"criteria":"cpe:2.3:h:bluecoat:proxysg_sg210-5:-:-:full_proxy:*:*:*:*:*","matchCriteriaId":"41104737-2E55-47DE-B29F-F88B07956601"},{"vulnerable":true,"criteria":"cpe:2.3:h:bluecoat:proxysg_sg510-10:-:-:acceleration:*:*:*:*:*","matchCriteriaId":"64AC1648-94E7-4C2F-8D28-906DD3C9E9C9"},{"vulnerable":true,"criteria":"cpe:2.3:h:bluecoat:proxysg_sg510-10:-:-:full_proxy:*:*:*:*:*","matchCriteriaId":"B3ABD5B1-3CD8-4361-9933-A99C5BCAEC53"},{"vulnerable":true,"criteria":"cpe:2.3:h:bluecoat:proxysg_sg510-20:-:-:acceleration:*:*:*:*:*","matchCriteriaId":"A63F6BE1-3705-41F8-83F2-14262C1A8513"},{"vulnerable":true,"criteria":"cpe:2.3:h:bluecoat:proxysg_sg510-20:-:-:full_proxy:*:*:*:*:*","matchCriteriaId":"33C50C6D-42FD-47E2-811D-69673144601B"},{"vulnerable":true,"criteria":"cpe:2.3:h:bluecoat:proxysg_sg510-25:-:-:acceleration:*:*:*:*:*","matchCriteriaId":"6F61A3FE-A7A2-42B8-BE15-A5904F68C2EB"},{"vulnerable":true,"criteria":"cpe:2.3:h:bluecoat:proxysg_sg510-25:-:-:full_proxy:*:*:*:*:*","matchCriteriaId":"053096B7-C691-430B-8EAF-FF8DF0ED3626"},{"vulnerable":true,"criteria":"cpe:2.3:h:bluecoat:proxysg_sg510-5:-:-:full_proxy:*:*:*:*:*","matchCriteriaId":"3CC9C212-03B8-4D1D-8E66-1CAE9066D3A5"},{"vulnerable":true,"criteria":"cpe:2.3:h:bluecoat:proxysg_sg810-10:-:-:acceleration:*:*:*:*:*","matchCriteriaId":"844E3782-018D-4CBB-B4E1-B60D713851D3"},{"vulnerable":true,"criteria":"cpe:2.3:h:bluecoat:proxysg_sg810-10:-:-:full_proxy:*:*:*:*:*","matchCriteriaId":"3711A175-0F97-4B8D-991B-EE05C6927D35"},{"vulnerable":true,"criteria":"cpe:2.3:h:bluecoat:proxysg_sg810-20:-:-:acceleration:*:*:*:*:*","matchCriteriaId":"25BA7C9D-3E26-4F1B-9C8A-DF864D3F8F91"},{"vulnerable":true,"criteria":"cpe:2.3:h:bluecoat:proxysg_sg810-20:-:-:full_proxy:*:*:*:*:*","matchCriteriaId":"DFC4B7BB-804A-4628-9829-369A37BB7C33"},{"vulnerable":true,"criteria":"cpe:2.3:h:bluecoat:proxysg_sg810-25:-:-:acceleration:*:*:*:*:*","matchCriteriaId":"147F05C5-8148-4448-9A27-6A8093E4D501"},{"vulnerable":true,"criteria":"cpe:2.3:h:bluecoat:proxysg_sg810-25:-:-:full_proxy:*:*:*:*:*","matchCriteriaId":"DB590391-1E89-4585-95B7-C77C3FA127C8"},{"vulnerable":true,"criteria":"cpe:2.3:h:bluecoat:proxysg_sg810-5:-:-:full_proxy:*:*:*:*:*","matchCriteriaId":"066A03FA-CEDF-4C8A-A445-521C9E6E954E"},{"vulnerable":true,"criteria":"cpe:2.3:h:bluecoat:proxysg_sg9000-10:-:-:acceleration:*:*:*:*:*","matchCriteriaId":"E9858A0D-3368-407A-8438-14EB8BA0F096"},{"vulnerable":true,"criteria":"cpe:2.3:h:bluecoat:proxysg_sg9000-10:-:-:full_proxy:*:*:*:*:*","matchCriteriaId":"EAF352C1-3CA1-4CE4-9067-9819BA327F6F"},{"vulnerable":true,"criteria":"cpe:2.3:h:bluecoat:proxysg_sg9000-20:-:-:acceleration:*:*:*:*:*","matchCriteriaId":"A3EB21AA-B393-42F6-8945-E8EF1EF81C1C"},{"vulnerable":true,"criteria":"cpe:2.3:h:bluecoat:proxysg_sg9000-20:-:-:full_proxy:*:*:*:*:*","matchCriteriaId":"A2A29D44-8A16-4F5A-9907-85D1F0EC13CC"},{"vulnerable":true,"criteria":"cpe:2.3:h:bluecoat:proxysg_sg9000-5:-:-:acceleration:*:*:*:*:*","matchCriteriaId":"2EDF8810-4C81-49E8-B4AA-2B87B5D6C953"},{"vulnerable":true,"criteria":"cpe:2.3:h:bluecoat:proxysg_sg9000-5:-:-:full_proxy:*:*:*:*:*","matchCriteriaId":"A5259AF1-EBB5-4083-BF78-2DB7C075E298"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2009","CveId":"1211","Ordinal":"1","Title":"CVE-2009-1211","CVE":"CVE-2009-1211","Year":"2009"},"notes":[{"CveYear":"2009","CveId":"1211","Ordinal":"1","NoteData":"Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.","Type":"Description","Title":"CVE-2009-1211"},{"CveYear":"2009","CveId":"1211","Ordinal":"2","NoteData":"2009-04-01","Type":"Other","Title":"Published"}]}}}