Candidate: CVE-2009-0804
PublicDate: 2009-03-04 16:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0804
Description:
 Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP
 Host header to determine the remote endpoint, which allows remote attackers
 to bypass access controls for Flash, Java, Silverlight, and probably other
 technologies, and possibly communicate with restricted intranet sites, via
 a crafted web page that causes a client to send HTTP requests with a
 modified Host header.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_ziproxy:
upstream_ziproxy: released (2.7.2-1)
dapper_ziproxy: DNE
gutsy_ziproxy: DNE
hardy_ziproxy: DNE
intrepid_ziproxy: needs-triage (reached end-of-life)
jaunty_ziproxy: ignored (reached end-of-life)
karmic_ziproxy: ignored (reached end-of-life)
lucid_ziproxy: not-affected (2.7.2-1.1ubuntu1)
maverick_ziproxy: not-affected (2.7.2-1.1ubuntu1)
natty_ziproxy: not-affected (2.7.2-1.1ubuntu1)
devel_ziproxy: not-affected (2.7.2-1.1ubuntu1)