CVE-2012-2212

critical

Description

McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable system, and the observed behavior might be consistent with a configuration that was (perhaps inadvertently) designed to allow access based on Host HTTP headers

References

http://archives.neohapsis.com/archives/bugtraq/2012-04/0189.html

http://archives.neohapsis.com/archives/bugtraq/2012-04/0164.html

http://archives.neohapsis.com/archives/bugtraq/2012-04/0118.html

Details

Source: Mitre, NVD

Published: 2012-04-28

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.00207