Ziproxy Security Bypass Vulnerability Network Vulnerability

Summary

This host is running Ziproxy server and is prone to security bypass vulnerability.

Impact

This can be exploited to restrict websites or bypass a browser's security context protection mechanism by sending HTTP requests with forged HTTP Host header. Impact Level: System/Application

Solution

Upgrade to Ziproxy version 3.1.0 or later, For updates refer to http://ziproxy.sourceforge.net/

Insight

This vulnerability arises because ziproxy depends on HTTP Host headers to determine the remote endpoints while acting as a transparent proxy.

Affected

Ziproxy version 2.6.0 and prior on Linux.

References

http://secunia.com/advisories/34018/
http://www.kb.cert.org/vuls/id/435052

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0804

CVSS	Base Score: 5.4 AV:N/AC:H/Au:N/C:C/I:N/A:N

Related Vulnerabilities

Allied Telesyn Router/Switch found with default password
Shiva LanRover Blank Password
Kaspersky Products Privilege Escalation Vulnerability
VMware Products Guest Privilege Escalation Vulnerability - Nov09 (Linux)
OpenSC Incorrect RSA Keys Generation Vulnerability

Take action and discover your vulnerabilities