Vulnerabilities > CVE-2009-1211 - Configuration vulnerability in Bluecoat products

CVSS 5.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

bluecoat

CWE-16

NVD

Published: 2009-04-01

Updated: 2013-10-07

Summary

Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

Vulnerable Configurations

Part	Description	Count
Application	Bluecoat Bluecoat Proxysg VA 10 * Bluecoat Proxysg VA 15 * Bluecoat Proxysg VA 20 * Bluecoat Proxysg VA 5 *	4
Hardware	Bluecoat Bluecoat Proxysg * Bluecoat Proxysg Sg210 10 - Bluecoat Proxysg Sg210 25 - Bluecoat Proxysg Sg210 5 - Bluecoat Proxysg Sg510 10 - Bluecoat Proxysg Sg510 20 - Bluecoat Proxysg Sg510 25 - Bluecoat Proxysg Sg510 5 - Bluecoat Proxysg Sg810 10 - Bluecoat Proxysg Sg810 20 - Bluecoat Proxysg Sg810 25 - Bluecoat Proxysg Sg810 5 - Bluecoat Proxysg Sg9000 10 - Bluecoat Proxysg Sg9000 20 - Bluecoat Proxysg Sg9000 5 -	27

Common Weakness Enumeration (CWE)

CWE-16 - Configuration

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References