CVE-2012-2212

CVE-2012-2212 is a medium-severity vulnerability in Mcafee Web Gateway with a CVSS 2.0 base score of 5.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-264.

Key facts

Description

McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable system, and the observed behavior might be consistent with a configuration that was (perhaps inadvertently) designed to allow access based on Host HTTP headers

Frequently asked questions

What is CVE-2012-2212?
McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable system, and the observed behavior might be consistent with a configuration that was (perhaps inadvertently) designed to allow access based on Host HTTP headers
How severe is CVE-2012-2212?
CVE-2012-2212 has a CVSS 2.0 base score of 5.0, rated medium severity.
Is CVE-2012-2212 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (70th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2012-2212?
CVE-2012-2212 affects Mcafee Web Gateway. See the affected-products list for the exact vulnerable versions.
How do I fix CVE-2012-2212?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
When was CVE-2012-2212 published?
CVE-2012-2212 was published on 2012-04-28 and last updated on 2026-06-16.

References

Affected products (1)

More vulnerabilities in Mcafee Web Gateway

All CVEs affecting Mcafee Web Gateway →

Other CWE-264 (Permissions, Privileges, and Access Controls) vulnerabilities

Browse all CWE-264 (Permissions, Privileges, and Access Controls) vulnerabilities →