CVE-2012-2213
Last modified
CVE-2012-2213 is a vulnerability of currently unknown severity. Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and the observed behavior is consistent with a squid.conf file that was (perhaps inadvertently) designed to allow access based on a "req_header Host" acl regex that matches www.uol.com.br. EPSS estimates a 12.31% chance of exploitation in the next 30 days.
Description
Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and the observed behavior is consistent with a squid.conf file that was (perhaps inadvertently) designed to allow access based on a "req_header Host" acl regex that matches www.uol.com.br
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Squid-Cache | Squid | 3.1.9 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2012-2213?
How severe is CVE-2012-2213?
How do I fix CVE-2012-2213?
Are you affected by CVE-2012-2213?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST