Squid prior to 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote malicious users to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fedoraproject fedora 22 |
||
debian debian linux 8.0 |
||
debian debian linux 7.0 |
||
squid-cache squid |