VULHUB ™

Malicious HTTP HOST header field can be used on CacheOS to tunnel arbitrary TCP connections through a HTTP request. It has been reported that CacheFlow CacheOS may allow the misuse of the HOST header value. This may provide for the use of an internal mail server as an open relay for the purposes of sending unsolicited mass email. This BID may be related to the issue described in BID 4143.

Malicious HTTP HOST header field can be used on CacheOS to tunnel arbitrary TCP connections through a HTTP request. It has been reported that CacheFlow CacheOS may allow the misuse of the HOST header value. This may provide for the use of an internal mail server as an open relay for the purposes of sending unsolicited mass email. This BID may be related to the issue described in BID 4143.