squid: weak certificate validation

ID ASA-201505-1
Type archlinux
Reporter Arch Linux
Modified 2015-05-01T00:00:00
The flaw allows a remote server to bypass the certificate validation Squid performs on behalf of its clients. Some attackers may also be able to use a valid certificate for one domain, signed by a global Certificate Authority, to abuse an unrelated domain. However, the bug is exploitable only if you have configured Squid to perform SSL Bumping with the "client-first" or "bump" mode of operation. Sites that do not use SSL-Bump are not vulnerable.
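Because exposure depends entirely on which `ssl_bump` modes are configured, an administrator's first step is an inventory of the running configuration. The following script is an added example written for this advisory, not code from Arch Linux or the Squid project. It assumes the Squid 3.x directive syntax `ssl_bump <action> [acl ...]`, treats only lines beginning with `#` as comments, and flags exactly the two modes the advisory names; the sample configurations embedded in it are constructed for illustration.

```python
"""Inventory ssl_bump modes in a squid.conf against ASA-201505-1.

Added example, not part of the advisory. Assumptions:
  * directive syntax is ``ssl_bump <action> [acl ...]`` (Squid 3.x);
  * whole-line comments start with '#';
  * the affected modes are exactly those the advisory names.
"""

# The two SSL-Bump modes the advisory says make a site exploitable.
AFFECTED_MODES = {"client-first", "bump"}

# Constructed sample configurations (not real deployments).
SAMPLE_VULNERABLE_CONF = """\
http_port 3128 ssl-bump cert=/etc/squid/example-cert.pem
acl step1 at_step SslBump1
# ssl_bump peek step1          <- commented out, must be ignored
ssl_bump client-first all
"""

SAMPLE_NO_BUMP_CONF = """\
http_port 3128
cache_dir ufs /var/cache/squid 100 16 256
# ssl_bump bump all            <- commented out, must be ignored
"""


def parse_ssl_bump_rules(conf_text):
    """Return (line_number, action, acl_list) for every active ssl_bump line."""
    rules = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):      # blank or whole-line comment
            continue
        tokens = line.split()
        if tokens[0].lower() != "ssl_bump" or len(tokens) < 2:
            continue                                # not an ssl_bump directive
        rules.append((lineno, tokens[1].lower(), tokens[2:]))
    return rules


def affected_rules(conf_text):
    """Return only the ssl_bump rules whose action is an affected mode."""
    return [r for r in parse_ssl_bump_rules(conf_text) if r[1] in AFFECTED_MODES]


def assess(conf_text):
    """Summarise exposure per the advisory's own condition.

    No ssl_bump rules at all -> the site does not use SSL-Bump -> not vulnerable.
    Any client-first/bump rule -> affected, listing the offending lines.
    """
    rules = parse_ssl_bump_rules(conf_text)
    if not rules:
        return "not affected: SSL-Bump is not configured"
    bad = affected_rules(conf_text)
    if bad:
        where = ", ".join(f"line {n} ({mode})" for n, mode, _ in bad)
        return f"affected: ssl_bump uses an affected mode at {where}"
    return "ssl_bump present but no client-first/bump rule found"


if __name__ == "__main__":
    for name, conf in (("vulnerable sample", SAMPLE_VULNERABLE_CONF),
                       ("no-bump sample", SAMPLE_NO_BUMP_CONF)):
        print(f"{name}: {assess(conf)}")
```

To run it against a real deployment, read `/etc/squid/squid.conf` (or the output of `squid -k parse`) into a string and pass it to `assess`; included files pulled in via `include` directives are not followed, so check those separately.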