Bug 817521 - (CVE-2012-2213) CVE-2012-2213 squid: URL filtering bypass
CVE-2012-2213 squid: URL filtering bypass
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On:
Blocks: 817524
  Show dependency treegraph
Reported: 2012-04-30 07:51 EDT by Jan Lieskovsky
Modified: 2012-05-18 09:24 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-05-18 09:24:52 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Reproducer from original post (3.49 KB, text/plain)
2012-04-30 07:53 EDT, Jan Lieskovsky
no flags Details

  None (edit)
Description Jan Lieskovsky 2012-04-30 07:51:57 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-2213 to the following vulnerability:

** DISPUTED ** Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and the observed behavior is consistent with a squid.conf file that was (perhaps inadvertently) designed to allow access based on a "req_header Host" acl regex that matches www.uol.com.br.

[1] http://archives.neohapsis.com/archives/bugtraq/2012-04/0117.html
[2] http://archives.neohapsis.com/archives/bugtraq/2012-04/0131.html
[3] http://archives.neohapsis.com/archives/bugtraq/2012-04/0146.html
[4] http://archives.neohapsis.com/archives/bugtraq/2012-04/0140.html
[5] http://archives.neohapsis.com/archives/bugtraq/2012-04/0163.html
[6] http://archives.neohapsis.com/archives/bugtraq/2012-04/0165.html
Comment 1 Jan Lieskovsky 2012-04-30 07:53:21 EDT
Created attachment 581172 [details]
Reproducer from original post
Comment 6 Stefan Cornelius 2012-05-18 09:24:52 EDT
The exact conditions this was tested under are unknown and the reporter can not provide enough additional information (used squid configuration file for example) to properly evaluate this report for security relevance. Currently it is unknown, whether this problem constitutes a new security flaw or if it is just result of improper configuration.


We do not currently plan to fix this issue due to the lack of further information about the flaw and its impact. If more information becomes available at a future date, we may revisit the issue.

Note You need to log in before you can comment on or make changes to this bug.