Vulnerability Description
McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable system, and the observed behavior might be consistent with a configuration that was (perhaps inadvertently) designed to allow access based on Host HTTP headers.
CVSS Score
5.0 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| McAfee | Web Gateway | 7.0.0 |
References
- http://archives.neohapsis.com/archives/bugtraq/2012-04/0118.html
- http://archives.neohapsis.com/archives/bugtraq/2012-04/0164.html
- http://archives.neohapsis.com/archives/bugtraq/2012-04/0189.html
FAQ
What is CVE-2012-2212?
CVE-2012-2212 is a vulnerability with a CVSS score of 5.0 (MEDIUM). McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not...
How severe is CVE-2012-2212?
CVE-2012-2212 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-2212?
Check the references section above for vendor advisories and patch information. Affected products include: McAfee Web Gateway.