CVE-2009-1211

Severity

57%

Complexity

86%

Confidentiality

81%

Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

CVSS 2.0 Base Score 5.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:P).

Overview

Type

Blue Coat Systems

First reported 15 years ago

2009-04-01 10:30:00

Last updated 11 years ago

2013-10-07 16:17:00

Affected Software

Blue Coat Systems Virtual Appliance VA-10

Blue Coat Systems Virtual Appliance VA-15

Blue Coat Systems Virtual Appliance VA-20

Blue Coat Systems Virtual Appliance VA-5

Blue Coat Systems ProxySG

Blue Coat Systems SG210-10 (210 series) Acceleration Edition

Blue Coat Systems SG210-10 (210 series) Full Proxy Edition

Blue Coat Systems SG210-25 (210 series) Acceleration Edition

Blue Coat Systems SG210-25 (210 series) Full Proxy Edition

Blue Coat Systems SG210-5 (210 series) Acceleration Edition

Blue Coat Systems SG210-5 (210 series) Full Proxy Edition

Blue Coat Systems SG510-10 (510 series) Acceleration Edition

Blue Coat Systems SG510-10 (510 series) Full Proxy Edition

Blue Coat Systems SG510-20 (510 series) Acceleration Edition

Blue Coat Systems SG510-20 (510 series) Full Proxy Edition

Blue Coat Systems SG510-5 (510 series) Full Proxy Edition

Blue Coat Systems SG810-10 (810 series) Acceleration Edition

Blue Coat Systems SG810-10 (810 series) Full Proxy Edition

Blue Coat Systems SG810-20 (810 series) Acceleration Edition

Blue Coat Systems SG810-20 (810 series) Full Proxy Edition

Blue Coat Systems SG810-25 (810 series) Acceleration Edition

Blue Coat Systems SG810-25 (810 series) Full Proxy Edition

Blue Coat Systems SG810-5 (810 series) Full Proxy Edition

Blue Coat Systems SG9000-10 (9000 series) Acceleration Edition

Blue Coat Systems SG9000-10 (9000 series) Full Proxy Edition

Blue Coat Systems SG9000-20 (9000 series) Acceleration Edition

Blue Coat Systems SG9000-20 (9000 series) Full Proxy Edition

Blue Coat Systems SG9000-5 (9000 series) Acceleration Edition

Blue Coat Systems SG9000-5 (9000 series) Full Proxy Edition
