Back to search
CVE-2012-2212
Published: Apr 28, 2012
Modified: Sep 16, 2024
PUBLISHED
Description
McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable system, and the observed behavior might be consistent with a configuration that was (perhaps inadvertently) designed to allow access based on Host HTTP headers
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20120424 RE: McAfee Web Gateway URL Filtering Bypass
mailing-list
x_refsource_BUGTRAQ
20120421 Re: McAfee Web Gateway URL Filtering Bypass
mailing-list
x_refsource_BUGTRAQ
20120416 McAfee Web Gateway URL Filtering Bypass
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now