[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-5400Date: (C)2015-09-29   (M)2023-12-22


Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1032873
BID-75553
DSA-3327
FEDORA-2016-7b40eb9e29
SUSE-SU-2016:1996
SUSE-SU-2016:2089
http://www.openwall.com/lists/oss-security/2015/07/06/8
http://www.openwall.com/lists/oss-security/2015/07/09/12
http://www.openwall.com/lists/oss-security/2015/07/10/2
http://www.openwall.com/lists/oss-security/2015/07/17/14
http://www.squid-cache.org/Advisories/SQUID-2015_2.txt
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10494.patch
http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13225.patch
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13856.patch
openSUSE-SU-2016:2081

CPE    4
cpe:/o:fedoraproject:fedora:22
cpe:/a:squid-cache:squid
cpe:/o:debian:debian_linux:7.0
cpe:/o:debian:debian_linux:8.0
...
CWE    1
CWE-264
OVAL    5
oval:org.secpod.oval:def:110476
oval:org.secpod.oval:def:110470
oval:org.secpod.oval:def:89045186
oval:org.secpod.oval:def:602187
...

© SecPod Technologies