Summary
According to its version number, the remote version of Squid is prone to an information-disclosure vulnerability related to the interpretation of the Host HTTP header. Specifically, this issue occurs when the proxy makes a forwarding decision based on the Host HTTP header instead of the destination IP address.
Attackers may exploit this issue to obtain sensitive information such as internal intranet webpages. Additional attacks may also be possible.
These issues affect Squid 2.7 and 3.0.
Severity
Classification
-
CVE CVE-2009-1211 -
CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:N/I:P/A:P
Related Vulnerabilities