FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ziproxy -- multiple vulnerability

Affected packages
ziproxy < 2.7.0

Details

VuXML ID 872ae5be-29c0-11de-bdeb-0030843d3802
Discovery 2009-02-23
Entry 2009-04-15

Ziproxy Developers reports:

Multiple HTTP proxy implementations are prone to an information-disclosure vulnerability related to the interpretation of the 'Host' HTTP header. Specifically, this issue occurs when the proxy makes a forwarding decision based on the 'Host' HTTP header instead of the destination IP address.

Attackers may exploit this issue to obtain sensitive information such as internal intranet webpages. Additional attacks may also be possible.

References

Bugtraq ID 33858
CVE Name CVE-2009-0804
URL http://www.kb.cert.org/vuls/id/MAPG-7N9GN8