Is CVE-2009-0801 actively exploited?

CVE-2009-0801 has no public evidence of in-the-wild exploitation as of 2025-04-09.

What is the CVSS score for CVE-2009-0801?

CVE-2009-0801 has a CVSS score of 5.4 (UNKNOWN severity). Vector: AV:N/AC:H/Au:N/C:C/I:N/A:N.

How do I patch CVE-2009-0801?

Patch guidance is available from squid security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2009-0801.

CVE-2009-0801 - remediation guidance & executive summary

Q: Which products are affected by CVE-2009-0801?

16 products: squid squid web proxy cache, squid squid web proxy cache, squid squid web proxy cache, squid squid web proxy cache, squid squid web proxy cache, and 11 more.

Description

Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

CVSS Metrics

Vector: AV:N/AC:H/Au:N/C:C/I:N/A:N
Access Vector: network
Access Cmplx: high
Auth: none
Confidentiality: complete
Integrity: none
Availability: none
Weaknesses: CWE-264

Metadata

Primary Vendor: SQUID
Published: 3/4/2009
Last Modified: 4/9/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

squid : squid_web_proxy_cachesquid : squid_web_proxy_cachesquid : squid_web_proxy_cachesquid : squid_web_proxy_cachesquid : squid_web_proxy_cachesquid : squid_web_proxy_cachesquid : squid_web_proxy_cachesquid : squid_web_proxy_cachesquid : squid_web_proxy_cachesquid : squid_web_proxy_cachesquid : squid_web_proxy_cachesquid : squid_web_proxy_cachesquid : squid_web_proxy_cachesquid : squid_web_proxy_cachesquid : squid_web_proxy_cachesquid : squid_web_proxy_cache

Remediation Guidance

Executive Summary

View on NIST NVD