ID

VAR-201204-0203


CVE

CVE-2012-2212


TITLE

McAfee Web Gateway vulnerability that bypasses access settings for the CONNECT method

Trust: 0.8

sources: JVNDB: JVNDB-2012-006418

DESCRIPTION

McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable system, and the observed behavior might be consistent with a configuration that was (perhaps inadvertently) designed to allow access based on Host HTTP headers.

** Unsettled ** This case has not been confirmed as a vulnerability.

Trust: 1.8

sources: NVD: CVE-2012-2212 // JVNDB: JVNDB-2012-006418 // VULHUB: VHN-55493 // VULMON: CVE-2012-2212

AFFECTED PRODUCTS

vendor: mcafee, model: web gateway, scope: eq, version: 7.0.0

Trust: 1.6

vendor: mcafee, model: web gateway software, scope: eq, version: 7.0

Trust: 0.8

sources: JVNDB: JVNDB-2012-006418 // CNNVD: CNNVD-201204-552 // NVD: CVE-2012-2212

CVSS

SEVERITY

nvd@nist.gov: CVE-2012-2212
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-2212
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201204-552
value: MEDIUM

Trust: 0.6

VULHUB: VHN-55493
value: MEDIUM

Trust: 0.1

VULMON: CVE-2012-2212
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2012-2212
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-55493
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-55493 // VULMON: CVE-2012-2212 // JVNDB: JVNDB-2012-006418 // CNNVD: CNNVD-201204-552 // NVD: CVE-2012-2212

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-55493 // JVNDB: JVNDB-2012-006418 // NVD: CVE-2012-2212

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201204-552

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201204-552

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-006418

PATCH

title: Top Page, url: https://www.mcafee.com/ja-jp/index.html

Trust: 0.8

title: proxy_bypass, url: https://github.com/claudijd/proxy_bypass

Trust: 0.1

sources: VULMON: CVE-2012-2212 // JVNDB: JVNDB-2012-006418

EXTERNAL IDS

db: NVD, id: CVE-2012-2212

Trust: 2.6

db: JVNDB, id: JVNDB-2012-006418

Trust: 0.8

db: CNNVD, id: CNNVD-201204-552

Trust: 0.7

db: BUGTRAQ, id: 20120424 RE: MCAFEE WEB GATEWAY URL FILTERING BYPASS

Trust: 0.6

db: BUGTRAQ, id: 20120421 RE: MCAFEE WEB GATEWAY URL FILTERING BYPASS

Trust: 0.6

db: BUGTRAQ, id: 20120416 MCAFEE WEB GATEWAY URL FILTERING BYPASS

Trust: 0.6

db: PACKETSTORM, id: 111842

Trust: 0.1

db: VULHUB, id: VHN-55493

Trust: 0.1

db: VULMON, id: CVE-2012-2212

Trust: 0.1

sources: VULHUB: VHN-55493 // VULMON: CVE-2012-2212 // JVNDB: JVNDB-2012-006418 // CNNVD: CNNVD-201204-552 // NVD: CVE-2012-2212

REFERENCES

url:http://archives.neohapsis.com/archives/bugtraq/2012-04/0118.html

Trust: 1.8

url:http://archives.neohapsis.com/archives/bugtraq/2012-04/0164.html

Trust: 1.8

url:http://archives.neohapsis.com/archives/bugtraq/2012-04/0189.html

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2212

Trust: 0.8

url:https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2212

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/264.html

Trust: 0.1

url:https://github.com/claudijd/proxy_bypass

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-55493 // VULMON: CVE-2012-2212 // JVNDB: JVNDB-2012-006418 // CNNVD: CNNVD-201204-552 // NVD: CVE-2012-2212

SOURCES

db: VULHUB, id: VHN-55493
db: VULMON, id: CVE-2012-2212
db: JVNDB, id: JVNDB-2012-006418
db: CNNVD, id: CNNVD-201204-552
db: NVD, id: CVE-2012-2212

LAST UPDATE DATE

2024-11-23T23:02:55.298000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-55493, date: 2014-03-19T00:00:00
db: VULMON, id: CVE-2012-2212, date: 2014-03-19T00:00:00
db: JVNDB, id: JVNDB-2012-006418, date: 2019-07-29T00:00:00
db: CNNVD, id: CNNVD-201204-552, date: 2012-05-02T00:00:00
db: NVD, id: CVE-2012-2212, date: 2024-11-21T01:38:42.933

SOURCES RELEASE DATE

db: VULHUB, id: VHN-55493, date: 2012-04-28T00:00:00
db: VULMON, id: CVE-2012-2212, date: 2012-04-28T00:00:00
db: JVNDB, id: JVNDB-2012-006418, date: 2019-07-29T00:00:00
db: CNNVD, id: CNNVD-201204-552, date: 2012-04-28T00:00:00
db: NVD, id: CVE-2012-2212, date: 2012-04-28T10:06:13.210