CVE-2012-2213 - OpenCVE

Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and the observed behavior is consistent with a squid.conf file that was (perhaps inadvertently) designed to allow access based on a "req_header Host" acl regex that matches www.uol.com.br

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Squid-cache	Squid

Configuration 1 [-]

cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2012-04/0117.html
http://archives.neohapsis.com/archives/bugtraq/2012-04/0131.html
http://archives.neohapsis.com/archives/bugtraq/2012-04/0140.html
http://archives.neohapsis.com/archives/bugtraq/2012-04/0146.html
http://archives.neohapsis.com/archives/bugtraq/2012-04/0163.html
http://archives.neohapsis.com/archives/bugtraq/2012-04/0165.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:15:36

Updated: 2022-10-03T16:15:36

Reserved: 2022-10-03T00:00:00

Link: CVE-2012-2213

JSON object: View

NVD Information

Status : Modified

Published: 2012-04-28T10:06:13.273

Modified: 2024-05-17T00:52:22.320

Link: CVE-2012-2213

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and the observed behavior is consistent with a squid.conf file that was (perhaps inadvertently) designed to allow access based on a \"req_header Host\" acl regex that matches www.uol.com.br"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:15:36", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20120419 RE: Squid URL Filtering Bypass", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0146.html"}, {"name": "20120420 Re: Squid URL Filtering Bypass", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0163.html"}, {"name": "20120418 Re: Squid URL Filtering Bypass", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0131.html"}, {"name": "20120421 Re: Squid URL Filtering Bypass", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0165.html"}, {"name": "20120416 Squid URL Filtering Bypass", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0117.html"}, {"name": "20120419 Re: Squid URL Filtering Bypass", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0140.html"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-2213", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and the observed behavior is consistent with a squid.conf file that was (perhaps inadvertently) designed to allow access based on a \"req_header Host\" acl regex that matches www.uol.com.br."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20120419 RE: Squid URL Filtering Bypass", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0146.html"}, {"name": "20120420 Re: Squid URL Filtering Bypass", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0163.html"}, {"name": "20120418 Re: Squid URL Filtering Bypass", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0131.html"}, {"name": "20120421 Re: Squid URL Filtering Bypass", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0165.html"}, {"name": "20120416 Squid URL Filtering Bypass", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0117.html"}, {"name": "20120419 Re: Squid URL Filtering Bypass", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0140.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-2213", "datePublished": "2022-10-03T16:15:36", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:15:36", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "41914354-D5BE-4B1F-BED3-0ECA43586537", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and the observed behavior is consistent with a squid.conf file that was (perhaps inadvertently) designed to allow access based on a \"req_header Host\" acl regex that matches www.uol.com.br"}, {"lang": "es", "value": "** EN DISPUTA ** Squid v3.1.9 permite a atacantes remotos evitar la configuraci\u00f3n de acceso para el m\u00e9todo CONNECT, proporcionando un nombre de host arbitrario en la cabecera 'host HTTP'. NOTA: este problema no puede ser reproducible, porque el investigador es incapaz de proporcionar un archivo squid.conf de un sistema vulnerable, y el comportamiento observado es consistente con un archivo squid.conf que fue (tal vez sin darse cuenta), dise\u00f1ado para permitir el acceso basado en una expresi\u00f3n regular de ACL \"host req_header\" que coincide con www.uol.com.br."}], "id": "CVE-2012-2213", "lastModified": "2024-05-17T00:52:22.320", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-04-28T10:06:13.273", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0117.html"}, {"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0131.html"}, {"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0140.html"}, {"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0146.html"}, {"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0163.html"}, {"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0165.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}