CVE-2009-0803

https://notcve.org/view.php?id=CVE-2009-0803

SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. SmoothWall SmoothGuardian, usada en SmoothWall Firewall, NetworkGuardian, y SchoolGuardian 2008, cuando el modo de intercepción trasparente está activado, usa la cabecera HTTP Host para determinar el punto final remoto, lo que permite a los atacantes remotos evitar el control de acceso para Flash, Java, Silverlight y propablemente otras tecnologías, y posiblemente comunicarse con sitios de intranet retringidos, a través de páginas web manipuladas lo que causa que el cliente envíe peticiones HTTP con una cabecera Host modificada. • http://www.kb.cert.org/vuls/id/435052 http://www.kb.cert.org/vuls/id/MAPG-7M6SM7 http://www.securityfocus.com/bid/33858 • CWE-264: Permissions, Privileges, and Access Controls •