Vulnerability Description
Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and the observed behavior is consistent with a squid.conf file that was (perhaps inadvertently) designed to allow access based on a "req_header Host" acl regex that matches www.uol.com.br.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Squid-Cache | Squid | 3.1.9 |
References
- http://archives.neohapsis.com/archives/bugtraq/2012-04/0117.html
- http://archives.neohapsis.com/archives/bugtraq/2012-04/0131.html
- http://archives.neohapsis.com/archives/bugtraq/2012-04/0140.html
- http://archives.neohapsis.com/archives/bugtraq/2012-04/0146.html
- http://archives.neohapsis.com/archives/bugtraq/2012-04/0163.html
- http://archives.neohapsis.com/archives/bugtraq/2012-04/0165.html
FAQ
What is CVE-2012-2213?
CVE-2012-2213 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reprodu...
How severe is CVE-2012-2213?
CVE-2012-2213 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-2213?
Check the references section above for vendor advisories and patch information. Affected products include: Squid-Cache Squid.