CVE-2009-1211

Severity Score

5.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

Blue Coat ProxySG, cuando el modo de interceptación transparente está activado, usa la cabecera HTTP Host para determinar el "endpoint" (punto de finalización) remoto, lo que permite a atacantes remotos evitar los controles de acceso por Flash, Java, Silverlight y probablemente otras tecnologías, y posiblemente comunicarse con sitios de la intranet restringidos, a través de una página web manipulada que provoca que el cliente envíe peticiones HTTP con una cabecera Host modificada.

*Credits: N/A

CVSS Scores

NISTv2 5.8

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-03-31 CVE Reserved
2009-04-01 CVE Published
2024-09-17 CVE Updated
2024-09-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-16: Configuration

CAPEC

References (2)

URL	Tag	Source
http://www.securitytracker.com/id?1021781	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://hypersonic.bluecoat.com/support/securityadvisories/ProxySG_in_transparent_deployments	2013-10-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Bluecoat Search vendor "Bluecoat"		Proxysg Va-10 Search vendor "Bluecoat" for product "Proxysg Va-10"				*		-		Affected
Bluecoat Search vendor "Bluecoat"		Proxysg Va-15 Search vendor "Bluecoat" for product "Proxysg Va-15"				*		-		Affected
Bluecoat Search vendor "Bluecoat"		Proxysg Va-20 Search vendor "Bluecoat" for product "Proxysg Va-20"				*		-		Affected
Bluecoat Search vendor "Bluecoat"		Proxysg Va-5 Search vendor "Bluecoat" for product "Proxysg Va-5"				*		-		Affected
Bluecoat Search vendor "Bluecoat"		Proxysg Search vendor "Bluecoat" for product "Proxysg"				*		-		Affected
Bluecoat Search vendor "Bluecoat"		Proxysg Sg210-10 Search vendor "Bluecoat" for product "Proxysg Sg210-10"				-		acceleration		Affected
Bluecoat Search vendor "Bluecoat"		Proxysg Sg210-10 Search vendor "Bluecoat" for product "Proxysg Sg210-10"				-		full_proxy		Affected
Bluecoat Search vendor "Bluecoat"		Proxysg Sg210-25 Search vendor "Bluecoat" for product "Proxysg Sg210-25"				-		acceleration		Affected
Bluecoat Search vendor "Bluecoat"		Proxysg Sg210-25 Search vendor "Bluecoat" for product "Proxysg Sg210-25"				-		full_proxy		Affected
Bluecoat Search vendor "Bluecoat"		Proxysg Sg210-5 Search vendor "Bluecoat" for product "Proxysg Sg210-5"				-		acceleration		Affected
Bluecoat Search vendor "Bluecoat"		Proxysg Sg210-5 Search vendor "Bluecoat" for product "Proxysg Sg210-5"				-		full_proxy		Affected
Bluecoat Search vendor "Bluecoat"		Proxysg Sg510-10 Search vendor "Bluecoat" for product "Proxysg Sg510-10"				-		acceleration		Affected
Bluecoat Search vendor "Bluecoat"		Proxysg Sg510-10 Search vendor "Bluecoat" for product "Proxysg Sg510-10"				-		full_proxy		Affected
Bluecoat Search vendor "Bluecoat"		Proxysg Sg510-20 Search vendor "Bluecoat" for product "Proxysg Sg510-20"				-		acceleration		Affected
Bluecoat Search vendor "Bluecoat"		Proxysg Sg510-20 Search vendor "Bluecoat" for product "Proxysg Sg510-20"				-		full_proxy		Affected
Bluecoat Search vendor "Bluecoat"		Proxysg Sg510-25 Search vendor "Bluecoat" for product "Proxysg Sg510-25"				-		acceleration		Affected
Bluecoat Search vendor "Bluecoat"		Proxysg Sg510-25 Search vendor "Bluecoat" for product "Proxysg Sg510-25"				-		full_proxy		Affected
Bluecoat Search vendor "Bluecoat"		Proxysg Sg510-5 Search vendor "Bluecoat" for product "Proxysg Sg510-5"				-		full_proxy		Affected
Bluecoat Search vendor "Bluecoat"		Proxysg Sg810-10 Search vendor "Bluecoat" for product "Proxysg Sg810-10"				-		acceleration		Affected
Bluecoat Search vendor "Bluecoat"		Proxysg Sg810-10 Search vendor "Bluecoat" for product "Proxysg Sg810-10"				-		full_proxy		Affected
Bluecoat Search vendor "Bluecoat"		Proxysg Sg810-20 Search vendor "Bluecoat" for product "Proxysg Sg810-20"				-		acceleration		Affected
Bluecoat Search vendor "Bluecoat"		Proxysg Sg810-20 Search vendor "Bluecoat" for product "Proxysg Sg810-20"				-		full_proxy		Affected
Bluecoat Search vendor "Bluecoat"		Proxysg Sg810-25 Search vendor "Bluecoat" for product "Proxysg Sg810-25"				-		acceleration		Affected
Bluecoat Search vendor "Bluecoat"		Proxysg Sg810-25 Search vendor "Bluecoat" for product "Proxysg Sg810-25"				-		full_proxy		Affected
Bluecoat Search vendor "Bluecoat"		Proxysg Sg810-5 Search vendor "Bluecoat" for product "Proxysg Sg810-5"				-		full_proxy		Affected
Bluecoat Search vendor "Bluecoat"		Proxysg Sg9000-10 Search vendor "Bluecoat" for product "Proxysg Sg9000-10"				-		acceleration		Affected
Bluecoat Search vendor "Bluecoat"		Proxysg Sg9000-10 Search vendor "Bluecoat" for product "Proxysg Sg9000-10"				-		full_proxy		Affected
Bluecoat Search vendor "Bluecoat"		Proxysg Sg9000-20 Search vendor "Bluecoat" for product "Proxysg Sg9000-20"				-		acceleration		Affected
Bluecoat Search vendor "Bluecoat"		Proxysg Sg9000-20 Search vendor "Bluecoat" for product "Proxysg Sg9000-20"				-		full_proxy		Affected
Bluecoat Search vendor "Bluecoat"		Proxysg Sg9000-5 Search vendor "Bluecoat" for product "Proxysg Sg9000-5"				-		acceleration		Affected
Bluecoat Search vendor "Bluecoat"		Proxysg Sg9000-5 Search vendor "Bluecoat" for product "Proxysg Sg9000-5"				-		full_proxy		Affected