Multiple HTTP Proxy HTTP Host Header Incorrect Relay Behavior Vulnerability

Bugtraq ID: 33858
Class: Design Error
CVE: CVE-2009-0801
CVE-2009-1211
Remote: Yes
Local: No
Published: Feb 23 2009 12:00AM
Updated: Sep 28 2013 12:16AM
Credit: Robert Auger from the PayPal Information Risk Management team
Vulnerable: Ziproxy Ziproxy 2.6
The Mac Orchard DansGuardian 0
Squid Web Proxy Cache 3.0 PRE3
Squid Web Proxy Cache 3.0 PRE2
Squid Web Proxy Cache 3.0 PRE1
Squid Web Proxy Cache 3.0
Squid Web Proxy Cache 3.0.STABLE7
Squid Web Proxy Cache 3.0.STABLE6
Squid Web Proxy Cache 3.0.STABLE5
Squid Web Proxy Cache 3.0.STABLE4
Squid Web Proxy Cache 3.0.STABLE3
Squid Web Proxy Cache 3.0.STABLE2
Squid Web Proxy Cache 3.0.STABLE13
Squid Web Proxy Cache 3.0.STABLE12
Squid Web Proxy Cache 3.0.STABLE1
Squid Web Proxy Cache 2.7.STABLE6
Squid Web Proxy Cache 2.7.STABLE5
Squid Web Proxy Cache 2.7
SmoothWall SmoothGuardian 2008
Qbik WinGate 6.5.2
Qbik WinGate 6.2.2
Qbik WinGate 6.2.1
Qbik WinGate 6.1.4 .1099
Qbik WinGate 6.1.3 .1096
Qbik WinGate 6.1.2 .1094
Qbik WinGate 6.1.1 .1077
Qbik WinGate 6.0.3 build 1005
Qbik WinGate 6.0.2 build 1001
Qbik WinGate 6.0.2 build 1000
Qbik WinGate 6.0.1 build 995
Qbik WinGate 6.0.1 build 993
Qbik WinGate 6.0 .0
Qbik WinGate 6.2
Qbik WinGate 6.1
Gentoo Linux
funkwerk UTM 0
Blue Coat Systems ProxySG 0
Bloxx Bloxx 0
Astaro Security Gateway 7.404
Astaro Security Gateway 7.402
Astaro Security Gateway 7.302
Astaro Security Gateway 7.301
Astaro Security Gateway 7.3
Astaro Security Gateway 7.006
Astaro Security Gateway 7.005
Astaro Security Gateway 7
Not Vulnerable: Ziproxy Ziproxy 2.7
The Mac Orchard DansGuardian 2.10.1.1
funkwerk UTM 1.95.1


 

Privacy Statement
Copyright 2010, SecurityFocus