Vulnerabilities > CVE-2009-1211 - Configuration vulnerability in Bluecoat products

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

bluecoat

CWE-16

NVD

Published: 2009-04-01

Updated: 2013-10-07

Summary

Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

Vulnerable Configurations

Part	Description	Count
Hardware	Bluecoat Bluecoat Proxysg Sg9000 5 - Bluecoat Proxysg Sg9000 20 - Bluecoat Proxysg Sg810 10 - Bluecoat Proxysg Sg210 10 - Bluecoat Proxysg Sg510 10 - Bluecoat Proxysg Sg510 25 - Bluecoat Proxysg Sg210 5 - Bluecoat Proxysg Sg810 20 - Bluecoat Proxysg Sg810 5 - Bluecoat Proxysg Sg810 25 - Bluecoat Proxysg Sg210 25 - Bluecoat Proxysg Sg510 5 - Bluecoat Proxysg Sg510 20 - Bluecoat Proxysg Sg9000 10 - Bluecoat Proxysg *	27
Application	Bluecoat Bluecoat Proxysg VA 15 * Bluecoat Proxysg VA 5 * Bluecoat Proxysg VA 20 * Bluecoat Proxysg VA 10 *	4

Common Weakness Enumeration (CWE)

CWE-16 - Configuration

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References