CVE-2012-2212
Last modified
CVE-2012-2212 is a vulnerability of currently unknown severity. McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable system, and the observed behavior might be consistent with a configuration that was (perhaps inadvertently) designed to allow access based on Host HTTP headers. EPSS estimates a 1.44% chance of exploitation in the next 30 days.
Description
McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable system, and the observed behavior might be consistent with a configuration that was (perhaps inadvertently) designed to allow access based on Host HTTP headers
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mcafee | Web Gateway | 7.0.0 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2012-2212?
How severe is CVE-2012-2212?
How do I fix CVE-2012-2212?
Are you affected by CVE-2012-2212?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST