CVE-2012-2212

CWE-2644 documents4 sources

Severity

5.0MEDIUM

EPSS

0.1%

top 71.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee WEB Gateway

Timeline

PublishedApr 28

Latest updateMay 17

Description

McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable system, and the observed behavior might be consistent with a configuration that was (perhaps inadvertently) designed to allow access based on Host HTTP headers

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmcafee/web_gateway7.0.0

🔴Vulnerability Details

GHSA

GHSA-m5cr-23pc-hg72: ** DISPUTED ** McAfee Web Gateway 7↗2022-05-17

▶

CVEList

CVE-2012-2212: McAfee Web Gateway 7↗2012-04-28

▶

💬Community

Bugzilla

CVE-2012-6684 rubygem-RedCloth: XSS vulnerability↗2015-01-07

▶