Vulnerability Description
Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bluecoat | Proxysg Va-10 | All versions |
| Bluecoat | Proxysg Va-15 | All versions |
| Bluecoat | Proxysg Va-20 | All versions |
| Bluecoat | Proxysg Va-5 | All versions |
| Bluecoat | Proxysg | All versions |
| Bluecoat | Proxysg Sg210-10 | - |
| Bluecoat | Proxysg Sg210-25 | - |
| Bluecoat | Proxysg Sg210-5 | - |
| Bluecoat | Proxysg Sg510-10 | - |
| Bluecoat | Proxysg Sg510-20 | - |
| Bluecoat | Proxysg Sg510-25 | - |
| Bluecoat | Proxysg Sg510-5 | - |
| Bluecoat | Proxysg Sg810-10 | - |
| Bluecoat | Proxysg Sg810-20 | - |
| Bluecoat | Proxysg Sg810-25 | - |
| Bluecoat | Proxysg Sg810-5 | - |
| Bluecoat | Proxysg Sg9000-10 | - |
| Bluecoat | Proxysg Sg9000-20 | - |
| Bluecoat | Proxysg Sg9000-5 | - |
Related Weaknesses (CWE)
References
- http://www.securitytracker.com/id?1021781
- https://hypersonic.bluecoat.com/support/securityadvisories/ProxySG_in_transparenVendor Advisory
- http://www.securitytracker.com/id?1021781
- https://hypersonic.bluecoat.com/support/securityadvisories/ProxySG_in_transparenVendor Advisory
FAQ
What is CVE-2009-1211?
CVE-2009-1211 is a vulnerability with a CVSS score of 5.8 (MEDIUM). Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, S...
How severe is CVE-2009-1211?
CVE-2009-1211 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1211?
Check the references section above for vendor advisories and patch information. Affected products include: Bluecoat Proxysg Va-10, Bluecoat Proxysg Va-15, Bluecoat Proxysg Va-20, Bluecoat Proxysg Va-5, Bluecoat Proxysg.