Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

cache poisoning vulnerabilities and exploits

(subscribe to this query)

5
CVSSv2
CVE-2016-4553
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request....
Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 12.04Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 15.10Squid-cache SquidSquid-cache Squid 4.0.6Squid-cache Squid 4.0.5Squid-cache Squid 4.0.4Squid-cache Squid 4.0.3Squid-cache Squid 4.0.9Squid-cache Squid 4.0.2Squid-cache Squid 4.0.1Squid-cache Squid 4.0.8Squid-cache Squid 4.0.7Oracle Linux 7
6.5
CVSSv2
CVE-2020-15049
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or...
Squid-cache SquidSquid-cache Squid 2.7Fedoraproject Fedora 31
5
CVSSv2
CVE-2016-4554
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue....
Oracle Linux 7Oracle Linux 6Squid-cache SquidCanonical Ubuntu Linux 14.04Canonical Ubuntu Linux 12.04Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 15.10
3.5
CVSSv2
CVE-2020-15810
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local...
Squid-cache SquidCanonical Ubuntu Linux 16.04Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 20.04Debian Debian Linux 9.0Debian Debian Linux 10.0Fedoraproject Fedora 31Fedoraproject Fedora 32Fedoraproject Fedora 33Opensuse Leap 15.1Opensuse Leap 15.2
4
CVSSv2
CVE-2020-15811
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local...
Squid-cache SquidCanonical Ubuntu Linux 16.04Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 20.04Debian Debian Linux 9.0Debian Debian Linux 10.0Fedoraproject Fedora 31Fedoraproject Fedora 32Fedoraproject Fedora 33Opensuse Leap 15.1Opensuse Leap 15.2
10
CVSSv2
CVE-1999-0165
NFS cache poisoning....
Sun NfsBsdi Bsd OsSun Sunos 5.1Sun Sunos 5.3Sun Sunos 4.0.1Sun Sunos 4.0.3Sun Sunos 4.1.3Sun Sunos -Sun Sunos 4.1.4Sun Sunos 4.1.1Sun Sunos 4.1.2Sun Sunos 5.4Sun Solaris 2.4Sun Sunos 4.1Sun Sunos 4.0.2Linux Linux Kernel 2.6.20.1Sun Sunos 3.5Sun Sunos 5.0Sun Sunos 4.0Sun Sunos 5.2
2.6
CVSSv2
CVE-2013-5661
Cache Poisoning issue exists in DNS Response Rate Limiting....
Isc BindNlnetlabs Nsd 3.2.15Nic Knot ResolverRedhat Enterprise Linux 6.0Redhat Enterprise Linux 7.0
5
CVSSv2
CVE-1999-0024
DNS cache poisoning via BIND, by predictable query IDs....
Isc Bind 4.9.5Isc Bind 8.1Ibm Aix 4.2Nec Asl Ux 4800 64Nec Ews-ux V 4.2Nec Ews-ux V 4.2mpNec Up-ux V 4.2mpSun Sunos -Sun Sunos 5.3Sun Sunos 5.4Sun Solaris 2.4Sun Sunos 5.5Bsdi Bsd Os 3.0Sco Openserver 5.0Sco Open Desktop 3.0Sun Solaris 2.5.1Sun Solaris 2.5Sco Unixware 2.1Bsdi Bsd Os 2.1Sco Unix 3.2v4Sun Sunos 5.5.1Ibm Aix 4.1Sun Solaris 2.6
5
CVSSv2
CVE-2016-9450
The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context....
Drupal Drupal 8.2.2Drupal Drupal 8.2.0Drupal Drupal 8.0.0Drupal Drupal 8.1.6Drupal Drupal 8.1.8Drupal Drupal 8.0.4Drupal Drupal 8.0.5Drupal Drupal 8.0.2Drupal Drupal 8.1.0Drupal Drupal 8.1.1Drupal Drupal 8.0.6Drupal Drupal 8.1.2Drupal Drupal 8.1.9Drupal Drupal 8.1.5Drupal Drupal 8.1.10Drupal Drupal 8.1.3Drupal Drupal 8.0.3Drupal Drupal 8.1.7Drupal Drupal 8.2.1Drupal Drupal 8.0.1Drupal Drupal 8.1.4
9.4
CVSSv2
CVE-2008-1454
Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's...
Microsoft Windows 2000Microsoft Windows XpMicrosoft Windows Server 2003Microsoft Windows Server 2008
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-41394CVE-2021-24663CSRFCVE-2021-40444firewallCVE-2021-41380CVE-2021-33035man-in-the-middleCVE-2021-24530
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook