CVE-2009-0801

NameCVE-2009-0801
DescriptionSquid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)
Debian Bugs521052, 521053

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
squid (PTS)sid4.1-1vulnerable
squid3 (PTS)jessie (security), jessie3.4.8-6+deb8u5fixed
stretch (security), stretch3.5.23-5+deb9u1fixed
buster, sid3.5.27-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
squidsource(unstable)(unfixed)unimportant521053
squid3source(unstable)3.3.3-1unimportant521052

Notes

This only affects HTTP connections and only in transparent mode
Also, same origin validations in the browsers still apply and keep this mostly harmless
http://marc.info/?l=squid-dev&m=123542836103750&w=4

Search for package or bug name: Reporting problems