var-201204-0203
Vulnerability from variot
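McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. As reported, this means the gateway's allow/deny decision follows the Host header rather than the destination named on the CONNECT request line, so the two can disagree. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable system, and the observed behavior might be consistent with a configuration that was (perhaps inadvertently) designed to allow access based on Host HTTP headers. Status: ** Unsettled ** — this case has not been confirmed as a vulnerability. Whatever the status of this report, operators of a forward proxy can check their own policy by confirming that CONNECT rules are evaluated against the CONNECT request target and not against the client-supplied Host header.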
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201204-0203", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "web gateway", scope: "eq", trust: 1.6, vendor: "mcafee", version: "7.0.0", }, { model: "web gateway software", scope: "eq", trust: 0.8, vendor: "mcafee", version: "7.0", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2012-006418", }, { db: "CNNVD", id: "CNNVD-201204-552", }, { db: 
"NVD", id: "CVE-2012-2212", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:mcafee:web_gateway:7.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2012-2212", }, ], }, cve: "CVE-2012-2212", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2012-2212", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, 
obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "VHN-55493", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [], severity: [ { author: "NVD", id: "CVE-2012-2212", trust: 1.8, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201204-552", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-55493", trust: 0.1, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2012-2212", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-55493", }, { db: "VULMON", id: "CVE-2012-2212", }, { db: "JVNDB", id: "JVNDB-2012-006418", }, { db: "CNNVD", id: "CNNVD-201204-552", }, { db: "NVD", id: "CVE-2012-2212", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable system, and the observed behavior might be consistent with a configuration that was (perhaps inadvertently) designed to allow access based on Host HTTP headers. 
** Unsettled ** This case has not been confirmed as a vulnerability", sources: [ { db: "NVD", id: "CVE-2012-2212", }, { db: "JVNDB", id: "JVNDB-2012-006418", }, { db: "VULHUB", id: "VHN-55493", }, { db: "VULMON", id: "CVE-2012-2212", }, ], trust: 1.8, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2012-2212", trust: 2.6, }, { db: "JVNDB", id: "JVNDB-2012-006418", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201204-552", trust: 0.7, }, { db: "BUGTRAQ", id: "20120424 RE: MCAFEE WEB GATEWAY URL FILTERING BYPASS", trust: 0.6, }, { db: "BUGTRAQ", id: "20120421 RE: MCAFEE WEB GATEWAY URL FILTERING BYPASS", trust: 0.6, }, { db: "BUGTRAQ", id: "20120416 MCAFEE WEB GATEWAY URL FILTERING BYPASS", trust: 0.6, }, { db: "PACKETSTORM", id: "111842", trust: 0.1, }, { db: "VULHUB", id: "VHN-55493", trust: 0.1, }, { db: "VULMON", id: "CVE-2012-2212", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-55493", }, { db: "VULMON", id: "CVE-2012-2212", }, { db: "JVNDB", id: "JVNDB-2012-006418", }, { db: "CNNVD", id: "CNNVD-201204-552", }, { db: "NVD", id: "CVE-2012-2212", }, ], }, id: "VAR-201204-0203", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-55493", }, ], trust: 0.01, }, last_update_date: "2024-05-17T23:07:37.630000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "トップページ", trust: 0.8, url: "https://www.mcafee.com/ja-jp/index.html", }, { title: "proxy_bypass", trust: 0.1, url: 
"https://github.com/claudijd/proxy_bypass ", }, ], sources: [ { db: "VULMON", id: "CVE-2012-2212", }, { db: "JVNDB", id: "JVNDB-2012-006418", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-264", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-55493", }, { db: "JVNDB", id: "JVNDB-2012-006418", }, { db: "NVD", id: "CVE-2012-2212", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "http://archives.neohapsis.com/archives/bugtraq/2012-04/0118.html", }, { trust: 1.8, url: "http://archives.neohapsis.com/archives/bugtraq/2012-04/0164.html", }, { trust: 1.8, url: "http://archives.neohapsis.com/archives/bugtraq/2012-04/0189.html", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2212", }, { trust: 0.8, url: "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2212", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/264.html", }, { trust: 0.1, url: "https://github.com/claudijd/proxy_bypass", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULHUB", id: "VHN-55493", }, { db: "VULMON", id: "CVE-2012-2212", }, { db: "JVNDB", id: "JVNDB-2012-006418", }, { db: "CNNVD", id: "CNNVD-201204-552", }, { db: "NVD", id: "CVE-2012-2212", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-55493", }, { db: "VULMON", id: "CVE-2012-2212", }, { db: "JVNDB", id: "JVNDB-2012-006418", }, { db: "CNNVD", id: "CNNVD-201204-552", }, { db: "NVD", id: "CVE-2012-2212", }, ], }, sources_release_date: { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2012-04-28T00:00:00", db: "VULHUB", id: "VHN-55493", }, { date: "2012-04-28T00:00:00", db: "VULMON", id: "CVE-2012-2212", }, { date: "2019-07-29T00:00:00", db: "JVNDB", id: "JVNDB-2012-006418", }, { date: "2012-04-28T00:00:00", db: "CNNVD", id: "CNNVD-201204-552", }, { date: "2012-04-28T10:06:13.210000", db: "NVD", id: "CVE-2012-2212", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2014-03-19T00:00:00", db: "VULHUB", id: "VHN-55493", }, { date: "2014-03-19T00:00:00", db: "VULMON", id: "CVE-2012-2212", }, { date: "2019-07-29T00:00:00", db: "JVNDB", id: "JVNDB-2012-006418", }, { date: "2012-05-02T00:00:00", db: "CNNVD", id: "CNNVD-201204-552", }, { date: "2024-05-17T00:52:22.080000", db: "NVD", id: "CVE-2012-2212", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201204-552", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "McAfee Web Gateway In CONNECT Vulnerability that bypasses method access settings", sources: [ { db: "JVNDB", id: "JVNDB-2012-006418", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "permissions and access control", sources: [ { db: "CNNVD", id: "CNNVD-201204-552", }, ], trust: 0.6, }, }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.