PT-2012-3885 · McAfee · McAfee Web Gateway

Published: 2012-04-28 · Updated: 2024-08-06 · CVE-2012-2212

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

McAfee Web Gateway version 7.0

Description

The issue allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. It is noted that this issue might not be reproducible due to a lack of configuration details for the vulnerable system, and the observed behavior could be consistent with a configuration designed to allow access based on Host HTTP headers.

Recommendations

For McAfee Web Gateway version 7.0, consider restricting access to the CONNECT method to minimize the risk of exploitation. As a temporary workaround, review and adjust the configuration to ensure it does not inadvertently allow access based on arbitrary Host HTTP headers. At the moment, there is no information about a newer version that contains a fix for this issue.
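
The configuration review recommended above comes down to one rule: a CONNECT decision must be made on the request-target (the name the proxy will actually dial), never on the Host header. The following is an added example, not McAfee code or configuration; the allowlist, function names and sample requests are constructed for illustration.

```python
# Added example: audit CONNECT request heads for a request-target / Host mismatch.
ALLOWED_CONNECT_HOSTS = {"updates.example.com"}  # hypothetical policy

def split_authority(value, default_port=443):
    """Return (host, port) from 'host[:port]', with the host lower-cased."""
    value = value.strip()
    if value.startswith("["):                  # IPv6 literal such as [::1]:443
        host, _, rest = value[1:].partition("]")
        port = rest.lstrip(":")
    else:
        host, _, port = value.partition(":")
    return host.lower().rstrip("."), int(port) if port.isdigit() else default_port

def audit_connect(raw_request):
    """Classify one raw request head and return (decision, reason)."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    parts = lines[0].split()
    if len(parts) != 3 or parts[0].upper() != "CONNECT":
        return ("skip", "not a CONNECT request")
    target = split_authority(parts[1])
    hosts = [l.split(":", 1)[1] for l in lines[1:]
             if l.lower().startswith("host:")]
    # The allowlist is checked against the request-target only.
    if target[0] not in ALLOWED_CONNECT_HOSTS:
        if any(split_authority(h)[0] in ALLOWED_CONNECT_HOSTS for h in hosts):
            return ("deny", "Host header names an allowed host, target does not")
        return ("deny", "target not on allowlist")
    # Even for an allowed target, a missing, repeated or differing Host is refused.
    if len(hosts) != 1 or split_authority(hosts[0]) != target:
        return ("deny", "Host header missing, repeated or inconsistent")
    return ("allow", "target allowed and consistent with Host")

# Constructed sample request heads (not captured traffic).
SAMPLES = [
    "CONNECT internal.example.net:22 HTTP/1.1\r\nHost: updates.example.com\r\n\r\n",
    "CONNECT updates.example.com:443 HTTP/1.1\r\nHost: updates.example.com\r\n\r\n",
    "GET http://updates.example.com/ HTTP/1.1\r\nHost: updates.example.com\r\n\r\n",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.split("\r\n")[0], "->", audit_connect(s))
```

The same comparison can be run over proxy access logs that record both the CONNECT target and the Host header; any entry in the first "deny" category is the pattern this advisory describes.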

Related Identifiers

CVE-2012-2212

Affected Products

McAfee Web Gateway