Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: September 11, 2009
Statement Date: December 10, 2008
Affected
On Mac OS X v10.5, the Parental Controls Internet content filter is susceptible to this issue. This issue does not affect Mac OS X v10.6.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: September 11, 2009 Updated: September 11, 2009
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Updated: April 30, 2009
Statement Date: April 30, 2009
Affected
Astaro Customers are only vulnerable if users allow java or activex, and using the proxy in transparent mode and have internal web servers which are not password protected. We are currently working on a solution.
The vendor has not provided us with any further information regarding this vulnerability.
Updated: April 22, 2009
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 10, 2008 Updated: December 10, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 02, 2009 Updated: March 04, 2009
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
See https://hypersonic.bluecoat.com/support/securityadvisories/ProxySG_in_transparent_deployments for more information.
Notified: December 09, 2008 Updated: February 03, 2009
Statement Date: February 02, 2009
Not Affected
Our detailed investigation of the vulnerability in transparent proxy servers using the HTTP Host field resulting in potential cache poisoning has indicated that Borderware's products are not susceptible to this form of attack. More details on this can be obtained by contacting Borderware.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: February 20, 2009
Not Affected
Check Point products are not affected by this issue.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: March 12, 2009
Not Affected
The Cisco PSIRT has been investigating and has not found any vulnerable products. If we determine that any of our products are vulnerable, information will be available at: http://www.cisco.com/go/psirt/. Please direct any questions to psirt@cisco.com.
The vendor has not provided us with any further information regarding this vulnerability.
Access control lists can be configured to mitigate this vulnerability. The below ACLs limit access allow a proxy server to only connect make outbound connections to TCP port 80. access-list 111 permit tcp [ip address of proxy] any eq 80 access-list 112 permit tcp any any gt 1023 established
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 17, 2008
Statement Date: December 17, 2008
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: February 20, 2009
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Administrators of Debian systems should use ACLs or iptables rules to prevent proxies from connecting to internal resources. Administrators who use Squid should refer to http://www.visolve.com/squid/squid24s1/access_controls.php for more information.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: April 24, 2009
Statement Date: April 23, 2009
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: February 04, 2009
Statement Date: January 30, 2009
Not Affected
Force10 equipment is not vulnerable to this threat. Force10 routers and switches could help mitigate such an attack by restricting access to internal resources by using access control lists.
See https://www.force10networks.com/CSPortal20/KnowledgeBase/Documentation.aspx for information configuring ACL and port filters.
Notified: December 09, 2008 Updated: December 10, 2008
Statement Date: December 09, 2008
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 11, 2008
Statement Date: December 10, 2008
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 08, 2009 Updated: January 08, 2009
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: January 07, 2009
Statement Date: December 16, 2008
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Updated: April 13, 2009
Affected
See http://www.seil.jp/english/seilseries/security/2009/04091700.php for more information.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: April 13, 2009
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: January 08, 2009
Statement Date: January 08, 2009
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 10, 2009 Updated: February 09, 2009
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: April 27, 2009
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 18, 2008
Statement Date: December 18, 2008
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 06, 2009 Updated: January 06, 2009
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: November 12, 2008 Updated: November 11, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: January 02, 2009
Statement Date: December 10, 2008
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
Peplink products are not vulnerable.
Notified: January 06, 2009 Updated: January 06, 2009
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2009 Updated: January 21, 2009
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 17, 2008
Statement Date: December 17, 2008
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: February 20, 2009
Affected
SmoothWall products that include SmoothGuardian (SchoolGuardian, NetworkGuardian, and our Firewall prouct that have SmoothGuardian installed upon them) are vulnerable but the workaround is to configure Guardian to block their internal web servers without passwords using hostname and IPaddress. The vulnerability only is real if users allow java or activex, are using transparent proxying, and have internal web servers not password protected. We are also working on a hostname validation system which will actually increase the security beyond a normal system by checking the destination hostname against the destination IP which will protect against certain cache or host file poisoning.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: March 11, 2009 Updated: March 11, 2009
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 02, 2009 Updated: February 23, 2009
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2009 Updated: June 29, 2009
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: January 13, 2009
Statement Date: January 13, 2009
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 09, 2008 Updated: March 04, 2009
Statement Date: March 04, 2009
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 13, 2009 Updated: August 07, 2009
Statement Date: August 07, 2009
Affected
For servers running Ziproxy in transparent proxy mode, it is strongly recommended to set the following options as below: ConventionalProxy = false AllowMethodCONNECT = false When running as a conventional proxy (non-transparent), it is strongly recommended to read the documentation on the following option: AllowMethodCONNECT Running Ziproxy in both transparent and conventional modes simultaneously is discouraged for security reasons. In transparent mode, the latest version of Ziproxy (2.6.0) trusts the host and port provided in the HTTP headers. This may be exploited using a hand-crafted HTTP request so to access arbitrary websites. In order to address this specific vulnerability, firewall rules may be used and/or an additional HTTP proxy with more security mechanisms may be installed between the clients and Ziproxy. Since Ziproxy is not a caching proxy, cache poisoning issues do not apply.
Ziproxy 2.7.0 and newer versions include provisions that mitigate this vulnerability. Details are included in the software documentation
Notified: December 09, 2008 Updated: December 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.