Vulnerability Description
SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Smoothwall | Networkguardian | 2008 |
| Smoothwall | Schoolguardian | 2008 |
| Smoothwall | Smoothguardian | 2008 |
Related Weaknesses (CWE)
References
- http://www.kb.cert.org/vuls/id/435052US Government Resource
- http://www.kb.cert.org/vuls/id/MAPG-7M6SM7US Government Resource
- http://www.securityfocus.com/bid/33858Vendor Advisory
- http://www.kb.cert.org/vuls/id/435052US Government Resource
- http://www.kb.cert.org/vuls/id/MAPG-7M6SM7US Government Resource
- http://www.securityfocus.com/bid/33858Vendor Advisory
FAQ
What is CVE-2009-0803?
CVE-2009-0803 is a vulnerability with a CVSS score of 5.4 (MEDIUM). SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote en...
How severe is CVE-2009-0803?
CVE-2009-0803 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0803?
Check the references section above for vendor advisories and patch information. Affected products include: Smoothwall Networkguardian, Smoothwall Schoolguardian, Smoothwall Smoothguardian.