Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

cache poisoning vulnerabilities and exploits

(subscribe to this query)

5
CVSSv2
CVE-2016-4553
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request....
Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 12.04Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 15.10Squid-cache SquidSquid-cache Squid 4.0.6Squid-cache Squid 4.0.5Squid-cache Squid 4.0.4Squid-cache Squid 4.0.3Squid-cache Squid 4.0.9Squid-cache Squid 4.0.2Squid-cache Squid 4.0.1Squid-cache Squid 4.0.8Squid-cache Squid 4.0.7Oracle Linux 7
6.5
CVSSv2
CVE-2020-15049
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or...
Squid-cache SquidSquid-cache Squid 2.7Fedoraproject Fedora 31
7.5
CVSSv2
CVE-2021-41589
In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. This configuration allows anonymous access to the configuration user...
Gradle Build Cache NodeGradle Enterprise
5
CVSSv2
CVE-2016-4554
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue....
Oracle Linux 7Oracle Linux 6Squid-cache SquidCanonical Ubuntu Linux 14.04Canonical Ubuntu Linux 12.04Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 15.10
3.5
CVSSv2
CVE-2020-15810
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local...
Squid-cache SquidCanonical Ubuntu Linux 16.04Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 20.04Debian Debian Linux 9.0Debian Debian Linux 10.0Fedoraproject Fedora 31Fedoraproject Fedora 32Fedoraproject Fedora 33Opensuse Leap 15.1Opensuse Leap 15.2
4
CVSSv2
CVE-2020-15811
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local...
Squid-cache SquidCanonical Ubuntu Linux 16.04Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 20.04Debian Debian Linux 9.0Debian Debian Linux 10.0Fedoraproject Fedora 31Fedoraproject Fedora 32Fedoraproject Fedora 33Opensuse Leap 15.1Opensuse Leap 15.2
10
CVSSv2
CVE-1999-0165
NFS cache poisoning....
Sun NfsSun Sunos 5.3Sun Sunos 4.0.1Sun Sunos 4.1.4Sun Solaris 2.4Sun Sunos 4.0.3Sun Sunos 4.1Sun Sunos 5.4Sun Sunos 4.0.2Sun Sunos 4.1.1Bsdi Bsd OsSun Sunos 5.1Sun Sunos 4.1.3Sun Sunos 4.1.2Sun Sunos 3.5Sun Sunos 4.0Linux Linux Kernel 2.6.20.1Sun Sunos 5.0Sun Sunos -Sun Sunos 5.2
2.6
CVSSv2
CVE-2013-5661
Cache Poisoning issue exists in DNS Response Rate Limiting....
Isc BindNlnetlabs Nsd 3.2.15Nic Knot ResolverRedhat Enterprise Linux 6.0Redhat Enterprise Linux 7.0
5
CVSSv2
CVE-1999-0024
DNS cache poisoning via BIND, by predictable query IDs....
Isc Bind 8.1Isc Bind 4.9.5Sco Openserver 5.0Sco Open Desktop 3.0Sun Sunos 5.3Nec Ews-ux V 4.2mpSun Solaris 2.4Sun Solaris 2.5.1Sun Solaris 2.5Ibm Aix 4.2Nec Asl Ux 4800 64Sun Sunos 5.5Bsdi Bsd Os 3.0Nec Ews-ux V 4.2Sco Unixware 2.1Bsdi Bsd Os 2.1Sco Unix 3.2v4Nec Up-ux V 4.2mpSun Sunos -Sun Sunos 5.4Sun Solaris 2.6Ibm Aix 4.1Sun Sunos 5.5.1
5
CVSSv2
CVE-2016-9450
The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context....
Drupal Drupal 8.2.2Drupal Drupal 8.2.0Drupal Drupal 8.0.0Drupal Drupal 8.0.2Drupal Drupal 8.1.0Drupal Drupal 8.1.1Drupal Drupal 8.1.6Drupal Drupal 8.1.8Drupal Drupal 8.0.4Drupal Drupal 8.0.5Drupal Drupal 8.0.6Drupal Drupal 8.1.2Drupal Drupal 8.1.3Drupal Drupal 8.1.4Drupal Drupal 8.1.5Drupal Drupal 8.2.1Drupal Drupal 8.1.10Drupal Drupal 8.0.1Drupal Drupal 8.0.3Drupal Drupal 8.1.7Drupal Drupal 8.1.9
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-30216administrator privilegesreflected XSSCVE-2022-35011CVE-2022-34713CVE-2022-35009CVE-2022-35479CVE-2022-1410authentication bypass
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook