Summary
This host is running a Ziproxy server and is prone to a security bypass vulnerability.
Impact
This can be exploited to restrict websites or bypass a browser's security context protection mechanism by sending HTTP requests with a forged HTTP Host header.
Impact Level: System/Application
Solution
Upgrade to Ziproxy version 3.1.0 or later.
For updates, refer to http://ziproxy.sourceforge.net/
Insight
This vulnerability arises because Ziproxy depends on HTTP Host headers to determine the remote endpoints while acting as a transparent proxy.
Affected
Ziproxy version 2.6.0 and prior on Linux.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2009-0804
CVSS Base Score: 5.4
AV:N/AC:H/Au:N/C:C/I:N/A:N