Lucene search

MitreCVE-2009-0802

HistoryMar 04, 2009 - 4:30 p.m.

CVE-2009-0802

2009-03-0416:30:00

CWE-264

mitre

web.nvd.nist.gov

qbik wingate

access controls

http host header

bypass

cve-2009-0802

CVSS2

5.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:C/I:N/A:N

AI Score

Confidence

Low

EPSS

0.002

Percentile

53.2%

JSON

Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

Affected configurations

Nvd

Node

qbikwingateMatch6.0.0

qbikwingateMatch6.0.1_build_993

qbikwingateMatch6.0.1_build_995

qbikwingateMatch6.0.2_build_1000

qbikwingateMatch6.0.2_build_1001

qbikwingateMatch6.0.3_build_1005

qbikwingateMatch6.1

qbikwingateMatch6.1.1.1077

qbikwingateMatch6.1.2

qbikwingateMatch6.1.3

qbikwingateMatch6.1.4

qbikwingateMatch6.2

qbikwingateMatch6.2.1

qbikwingateMatch6.2.2

qbikwingateMatch6.5.2

VendorProductVersionCPE
qbikwingate6.0.0cpe:2.3:a:qbik:wingate:6.0.0:*:*:*:*:*:*:*
qbikwingate6.0.1_build_993cpe:2.3:a:qbik:wingate:6.0.1_build_993:*:*:*:*:*:*:*
qbikwingate6.0.1_build_995cpe:2.3:a:qbik:wingate:6.0.1_build_995:*:*:*:*:*:*:*
qbikwingate6.0.2_build_1000cpe:2.3:a:qbik:wingate:6.0.2_build_1000:*:*:*:*:*:*:*
qbikwingate6.0.2_build_1001cpe:2.3:a:qbik:wingate:6.0.2_build_1001:*:*:*:*:*:*:*
qbikwingate6.0.3_build_1005cpe:2.3:a:qbik:wingate:6.0.3_build_1005:*:*:*:*:*:*:*
qbikwingate6.1cpe:2.3:a:qbik:wingate:6.1:*:*:*:*:*:*:*
qbikwingate6.1.1.1077cpe:2.3:a:qbik:wingate:6.1.1.1077:*:*:*:*:*:*:*
qbikwingate6.1.2cpe:2.3:a:qbik:wingate:6.1.2:*:*:*:*:*:*:*
qbikwingate6.1.3cpe:2.3:a:qbik:wingate:6.1.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qbik	wingate	6.0.0	cpe:2.3:a:qbik:wingate:6.0.0:::::::*
qbik	wingate	6.0.1_build_993	cpe:2.3:a:qbik:wingate:6.0.1_build_993:::::::*
qbik	wingate	6.0.1_build_995	cpe:2.3:a:qbik:wingate:6.0.1_build_995:::::::*
qbik	wingate	6.0.2_build_1000	cpe:2.3:a:qbik:wingate:6.0.2_build_1000:::::::*
qbik	wingate	6.0.2_build_1001	cpe:2.3:a:qbik:wingate:6.0.2_build_1001:::::::*
qbik	wingate	6.0.3_build_1005	cpe:2.3:a:qbik:wingate:6.0.3_build_1005:::::::*
qbik	wingate	6.1	cpe:2.3:a:qbik:wingate:6.1:::::::*
qbik	wingate	6.1.1.1077	cpe:2.3:a:qbik:wingate:6.1.1.1077:::::::*
qbik	wingate	6.1.2	cpe:2.3:a:qbik:wingate:6.1.2:::::::*
qbik	wingate	6.1.3	cpe:2.3:a:qbik:wingate:6.1.3:::::::*

Rows per page:

1-10 of 151

References

www.kb.cert.org/vuls/id/435052

www.securityfocus.com/bid/33858

CVSS2

5.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:C/I:N/A:N

AI Score

Confidence

Low

EPSS

0.002

Percentile

53.2%

JSON

Related for CVE-2009-0802