client_side.cc in Squid prior to 3.5.18 and 4.x prior to 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote malicious users to conduct cache-poisoning attacks via an HTTP request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 16.04 |
||
canonical ubuntu linux 15.10 |
||
squid-cache squid |
||
squid-cache squid 4.0.6 |
||
squid-cache squid 4.0.5 |
||
squid-cache squid 4.0.4 |
||
squid-cache squid 4.0.3 |
||
squid-cache squid 4.0.9 |
||
squid-cache squid 4.0.2 |
||
squid-cache squid 4.0.1 |
||
squid-cache squid 4.0.8 |
||
squid-cache squid 4.0.7 |
||
oracle linux 7 |