Squid / McAfee Web Gateway URL filtering bypass
Published:		19.04.2012
Source:		BUGTRAQ
SecurityVulns ID:		12324
Type:		remote
Level:		4/10
Description:		Server trusts to Host: header in CONNECT request.

Affected:		SQUID : squid 3.1
		MCAFEE : McAfee Web Gateway 7.0
CVE:		CVE-2012-2213 (** DISPUTED ** Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and the observed behavior is consistent with a squid.conf file that was (perhaps inadvertently) designed to allow access based on a "req_header Host" acl regex that matches www.uol.com.br.)
		CVE-2012-2212 (** DISPUTED ** McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable system, and the observed behavior might be consistent with a configuration that was (perhaps inadvertently) designed to allow access based on Host HTTP headers.)

Original document		Gabriel Menezes Nunes, Squid URL Filtering Bypass (19.04.2012)
		Gabriel Menezes Nunes, McAfee Web Gateway URL Filtering Bypass (19.04.2012)

Discuss:

Read or add your comments to this news (0 comments)