From f70b08facc0917df4bf9382e5bb11355439a36a5 Mon Sep 17 00:00:00 2001
From: miwi
Date: Wed, 15 Apr 2009 13:34:52 +0000
Subject: - Document ziproxy -- Multiple HTTP Proxy HTTP Host Header Incorrect Relay Behavior Vulnerability

Approved by: portmgr (secteam blanked)
---
 security/vuxml/vuln.xml | 36 +++++++++++++++++++++++++++++++++++-
 1 file changed, 35 insertions(+), 1 deletion(-)

(limited to 'security')

diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index e64df49c2c26..d4a0cd5b27e7 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,40 @@ Note: Please add new entries to the beginning of this file. --> + + ziproxy -- multiple vulnerability + + + ziproxy + 2.7.0 + + + + +

Ziproxy Developers reports:

+
+

Multiple HTTP proxy implementations are prone to an + information-disclosure vulnerability related to the interpretation of + the 'Host' HTTP header. Specifically, this issue occurs when the proxy + makes a forwarding decision based on the 'Host' HTTP header instead of + the destination IP address.

+

Attackers may exploit this issue to obtain sensitive information + such as internal intranet webpages. Additional attacks may also be + possible.

+
+ +
+ + 33858 + CVE-2009-0804 + http://www.kb.cert.org/vuls/id/MAPG-7N9GN8 + + + 2009-02-23 + 2009-04-15 + +
+ phpmyadmin -- insufficient output sanitizing when generating configuration file @@ -45,7 +79,7 @@ Note: Please add new entries to the beginning of this file.

phpMyAdmin Team reports:

-
+

Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. Combined with ability to save files on server, -- cgit
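
Review bot: In the first hunk (@@ -34,6 +34,40 @@), the topic "ziproxy -- multiple vulnerability" does not match the body of the new entry, which describes a single issue (the proxy making its forwarding decision from the 'Host' HTTP header instead of the destination IP address) and references a single CVE name, CVE-2009-0804. Suggest a topic that names the issue, along the lines of the commit subject, for example "ziproxy -- HTTP Host header incorrect relay behavior vulnerability". The description is also attributed to "Ziproxy Developers" while the quoted text opens with "Multiple HTTP proxy implementations are prone to", which reads as a generic multi-vendor advisory; the attribution line should name whoever actually published that text.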
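
Review bot: The second hunk (@@ -45,7 +79,7 @@) changes one line inside the existing phpmyadmin entry, which the commit message ("Document ziproxy ...") does not mention. If this is a whitespace or markup fix, say so in the log or commit it separately, so that the history of the phpmyadmin entry stays traceable. The removed and added lines carry no visible text in this rendering, so the nature of the change cannot be confirmed from the page.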