Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2015-5400

Published: 28/09/2015 Updated: 22/09/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Fedoraproject

Vulnerability Summary

Squid prior to 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote malicious users to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.

Vulnerable Product Search on Vulmon Subscribe to Product

fedoraproject fedora 22

debian debian linux 8.0

debian debian linux 7.0

squid-cache squid

Vendor Advisories

Debian CVElist Bug Report Logs: squid3: CVE-2016-10002: SQUID-2016:11: Information disclosure in HTTP Request processing
Debian Bug report logs - #848493 squid3: CVE-2016-10002: SQUID-2016:11: Information disclosure in HTTP Request processing Package: src:squid3; Maintainer for src:squid3 is Luigi Gangitano <luigi@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 17 Dec 2016 15:57:04 UTC Severity: grave Tags ...
Debian CVElist Bug Report Logs: squid3: CVE-2015-5400: information disclosure due to incorrect handling of peer responses
Debian Bug report logs - #793128 squid3: CVE-2015-5400: information disclosure due to incorrect handling of peer responses Package: src:squid3; Maintainer for src:squid3 is Luigi Gangitano <luigi@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 21 Jul 2015 14:54:02 UTC Severity: important ...
Debian Security Advisories: DSA-3327-1 squid3 -- security update
Alex Rousskov of The Measurement Factory discovered that Squid3, a fully featured web proxy cache, does not correctly handle CONNECT method peer responses when configured with cache_peer and operating on explicit proxy traffic This could allow remote clients to gain unrestricted access through a gateway proxy to its backend proxy For the oldstabl ...
Red Hat: CVE-2015-5400
Squid before 356 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request ...

References

CWE-264http://www.openwall.com/lists/oss-security/2015/07/06/8http://www.debian.org/security/2015/dsa-3327http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10494.patchhttp://www.squid-cache.org/Advisories/SQUID-2015_2.txthttp://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13856.patchhttp://www.openwall.com/lists/oss-security/2015/07/10/2http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13225.patchhttp://www.openwall.com/lists/oss-security/2015/07/09/12http://www.openwall.com/lists/oss-security/2015/07/17/14http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.htmlhttp://www.securityfocus.com/bid/75553http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.htmlhttp://lists.opensuse.org/opensuse-updates/2016-08/msg00069.htmlhttp://www.securitytracker.com/id/1032873https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848493https://www.debian.org/security/./dsa-3327https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2015-5400
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925CVE-2023-41826LFICVE-2022-22364CVE-2024-2887command injectionremote code executionCVE-2024-34446CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook