Package: ziproxy
Version: 2.5.2-2
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ziproxy.

CVE-2009-0804[0]:
| Ziproxy 2.6.0, when transparent interception mode is enabled, uses the
| HTTP Host header to determine the remote endpoint, which allows remote
| attackers to bypass access controls for Flash, Java, Silverlight, and
| probably other technologies, and possibly communicate with restricted
| intranet sites, via a crafted web page that causes a client to send
| HTTP requests with a modified Host header.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0804
    http://security-tracker.debian.net/tracker/CVE-2009-0804

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply via email to