CVE-2016-4553

Published: 10/05/2016 Updated: 27/12/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 8.6 | Impact Score: 4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

client_side.cc in Squid prior to 3.5.18 and 4.x prior to 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote malicious users to conduct cache-poisoning attacks via an HTTP request.

Vulnerable Product

canonical ubuntu linux 14.04

canonical ubuntu linux 12.04

canonical ubuntu linux 16.04

canonical ubuntu linux 15.10

squid-cache squid

squid-cache squid 4.0.6

squid-cache squid 4.0.5

squid-cache squid 4.0.4

squid-cache squid 4.0.3

squid-cache squid 4.0.9

squid-cache squid 4.0.2

squid-cache squid 4.0.1

squid-cache squid 4.0.8

squid-cache squid 4.0.7

oracle linux 7

Vendor Advisories

Debian Bug report logs - #823968 squid3: CVE-2016-4553 CVE-2016-4554 CVE-2016-4555 CVE-2016-4556 Package: src:squid3; Maintainer for src:squid3 is Luigi Gangitano <luigi@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 10 May 2016 20:12:01 UTC Severity: important Tags: fixed-upstream, sec ...
Several security issues were fixed in Squid ...
Several security issues have been discovered in the Squid caching proxy. CVE-2016-4051: CESG and Yuriy M. Kaminskiy discovered that Squid cachemgr.cgi was vulnerable to a buffer overflow when processing remotely supplied inputs relayed through Squid. CVE-2016-4052: CESG discovered that a buffer overflow made Squid vulnerable to a ...
An input validation flaw was found in the way Squid handled intercepted HTTP Request messages. An attacker could use this flaw to bypass the protection against issues related to CVE-2009-0801, and perform cache poisoning attacks on Squid ...