CVE-2012-2213

Published: Apr 28, 2012

Modified: Sep 16, 2024

PUBLISHED

Description

Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and the observed behavior is consistent with a squid.conf file that was (perhaps inadvertently) designed to allow access based on a "req_header Host" acl regex that matches www.uol.com.br

Vendor: n/a
Product: n/a
Versions: n/a (status: affected)

References

20120419 RE: Squid URL Filtering Bypass (mailing-list, x_refsource_BUGTRAQ)
20120420 Re: Squid URL Filtering Bypass (mailing-list, x_refsource_BUGTRAQ)
20120418 Re: Squid URL Filtering Bypass (mailing-list, x_refsource_BUGTRAQ)
20120421 Re: Squid URL Filtering Bypass (mailing-list, x_refsource_BUGTRAQ)
20120416 Squid URL Filtering Bypass (mailing-list, x_refsource_BUGTRAQ)
20120419 Re: Squid URL Filtering Bypass (mailing-list, x_refsource_BUGTRAQ)
