Published: 28/04/2012 Updated: 11/04/2024

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

McAfee Web Gateway 7.0 allows remote malicious users to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable system, and the observed behavior might be consistent with a configuration that was (perhaps inadvertently) designed to allow access based on Host HTTP headers

Vulnerable Product	Search on Vulmon	Subscribe to Product
mcafee web gateway 7.0.0

This is a stub project to store some PoC code for bypassing proxy controls

proxy_bypass This is a proof of concept for the following vulnerabilities: 1) Squid 319 (CVE-2012-2213) - CONFIRMED 2) McAfee Web Access Gateway (CVE-2012-2212) - NOT CONFIRMED, but likely Feel free to test yourself and let me know what you find More details about these issues are on the Spiderlabs Blog: blogspiderlabscom/2012/05/bypass-vulnerabilities-in-squid-an

CWE-264 http://archives.neohapsis.com/archives/bugtraq/2012-04/0164.html http://archives.neohapsis.com/archives/bugtraq/2012-04/0118.html http://archives.neohapsis.com/archives/bugtraq/2012-04/0189.html https://nvd.nist.gov https://github.com/claudijd/proxy_bypass

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-2212

Vulnerability Summary

Github Repositories

References

Vulmon Search

About

Products

Connect