CVE-2012-2212
N/A
N/A
Summary
McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable system, and the observed behavior might be consistent with a configuration that was (perhaps inadvertently) designed to allow access based on Host HTTP headers
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- http://archives.neohapsis.com/archives/bugtraq/2012-04/0189.html
- http://archives.neohapsis.com/archives/bugtraq/2012-04/0164.html
- http://archives.neohapsis.com/archives/bugtraq/2012-04/0118.html
References
- http://archives.neohapsis.com/archives/bugtraq/2012-04/0189.html
- http://archives.neohapsis.com/archives/bugtraq/2012-04/0164.html
- http://archives.neohapsis.com/archives/bugtraq/2012-04/0118.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.