Lucene search
MitreCVE-2016-4051HistoryApr 25, 2016 - 2:59 p.m.
CVE-2016-4051
2016-04-2514:59:02
CWE-119
mitre
web.nvd.nist.gov
123
cve-2016-4051
buffer overflow
cachemgr.cgi
squid
denial of service
execute arbitrary code
nvd
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
8.8
Confidence
High
EPSS
0.014
Percentile
86.4%
Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.
Affected configurations
Node
canonicalubuntu_linuxMatch12.04lts
ORcanonicalubuntu_linuxMatch14.04lts
ORcanonicalubuntu_linuxMatch15.10
ORcanonicalubuntu_linuxMatch16.04lts
Node
oraclelinuxMatch6
ORoraclelinuxMatch7
Node
squid-cachesquidMatch2.0
ORsquid-cachesquidMatch2.1
ORsquid-cachesquidMatch2.2
ORsquid-cachesquidMatch2.3
ORsquid-cachesquidMatch2.4
ORsquid-cachesquidMatch2.5
ORsquid-cachesquidMatch2.6
ORsquid-cachesquidMatch2.7
ORsquid-cachesquidMatch3.0
ORsquid-cachesquidMatch3.1
ORsquid-cachesquidMatch3.1.0.1
ORsquid-cachesquidMatch3.1.0.2
ORsquid-cachesquidMatch3.1.0.3
ORsquid-cachesquidMatch3.1.0.4
ORsquid-cachesquidMatch3.1.0.5
ORsquid-cachesquidMatch3.1.0.6
ORsquid-cachesquidMatch3.1.0.7
ORsquid-cachesquidMatch3.1.0.8
ORsquid-cachesquidMatch3.1.0.9
ORsquid-cachesquidMatch3.1.0.10
ORsquid-cachesquidMatch3.1.0.11
ORsquid-cachesquidMatch3.1.0.12
ORsquid-cachesquidMatch3.1.0.13
ORsquid-cachesquidMatch3.1.0.14
ORsquid-cachesquidMatch3.1.0.15
ORsquid-cachesquidMatch3.1.0.16
ORsquid-cachesquidMatch3.1.0.17
ORsquid-cachesquidMatch3.1.0.18
ORsquid-cachesquidMatch3.1.1
ORsquid-cachesquidMatch3.1.2
ORsquid-cachesquidMatch3.1.3
ORsquid-cachesquidMatch3.1.4
ORsquid-cachesquidMatch3.1.5
ORsquid-cachesquidMatch3.1.5.1
ORsquid-cachesquidMatch3.1.6
ORsquid-cachesquidMatch3.1.7
ORsquid-cachesquidMatch3.1.8
ORsquid-cachesquidMatch3.1.9
ORsquid-cachesquidMatch3.1.10
ORsquid-cachesquidMatch3.1.11
ORsquid-cachesquidMatch3.1.12
ORsquid-cachesquidMatch3.1.12.1
ORsquid-cachesquidMatch3.1.12.2
ORsquid-cachesquidMatch3.1.12.3
ORsquid-cachesquidMatch3.1.13
ORsquid-cachesquidMatch3.1.14
ORsquid-cachesquidMatch3.1.15
ORsquid-cachesquidMatch3.1.16
ORsquid-cachesquidMatch3.1.17
ORsquid-cachesquidMatch3.1.18
ORsquid-cachesquidMatch3.1.19
ORsquid-cachesquidMatch3.1.20
ORsquid-cachesquidMatch3.1.21
ORsquid-cachesquidMatch3.1.22
ORsquid-cachesquidMatch3.2.0.1
ORsquid-cachesquidMatch3.2.0.2
ORsquid-cachesquidMatch3.2.0.3
ORsquid-cachesquidMatch3.2.0.4
ORsquid-cachesquidMatch3.2.0.5
ORsquid-cachesquidMatch3.2.0.6
ORsquid-cachesquidMatch3.2.0.7
ORsquid-cachesquidMatch3.2.0.8
ORsquid-cachesquidMatch3.2.0.9
ORsquid-cachesquidMatch3.2.0.10
ORsquid-cachesquidMatch3.2.0.11
ORsquid-cachesquidMatch3.2.0.12
ORsquid-cachesquidMatch3.2.0.13
ORsquid-cachesquidMatch3.2.0.14
ORsquid-cachesquidMatch3.2.0.15
ORsquid-cachesquidMatch3.2.0.16
ORsquid-cachesquidMatch3.2.0.17
ORsquid-cachesquidMatch3.2.0.18
ORsquid-cachesquidMatch3.2.0.19
ORsquid-cachesquidMatch3.2.1
ORsquid-cachesquidMatch3.2.2
ORsquid-cachesquidMatch3.2.3
ORsquid-cachesquidMatch3.2.4
ORsquid-cachesquidMatch3.2.5
ORsquid-cachesquidMatch3.2.6
ORsquid-cachesquidMatch3.2.7
ORsquid-cachesquidMatch3.2.8
ORsquid-cachesquidMatch3.2.9
ORsquid-cachesquidMatch3.2.10
ORsquid-cachesquidMatch3.2.11
ORsquid-cachesquidMatch3.2.12
ORsquid-cachesquidMatch3.2.13
ORsquid-cachesquidMatch3.3.0
ORsquid-cachesquidMatch3.3.0.1
ORsquid-cachesquidMatch3.3.0.2
ORsquid-cachesquidMatch3.3.0.3
ORsquid-cachesquidMatch3.3.1
ORsquid-cachesquidMatch3.3.2
ORsquid-cachesquidMatch3.3.3
ORsquid-cachesquidMatch3.3.4
ORsquid-cachesquidMatch3.3.5
ORsquid-cachesquidMatch3.3.6
ORsquid-cachesquidMatch3.3.7
ORsquid-cachesquidMatch3.3.8
ORsquid-cachesquidMatch3.3.9
ORsquid-cachesquidMatch3.3.10
ORsquid-cachesquidMatch3.3.11
ORsquid-cachesquidMatch3.3.12
ORsquid-cachesquidMatch3.3.13
ORsquid-cachesquidMatch3.3.14
ORsquid-cachesquidMatch3.4.0.1
ORsquid-cachesquidMatch3.4.0.2
ORsquid-cachesquidMatch3.4.0.3
ORsquid-cachesquidMatch3.4.1
ORsquid-cachesquidMatch3.4.2
ORsquid-cachesquidMatch3.4.3
ORsquid-cachesquidMatch3.4.4
ORsquid-cachesquidMatch3.4.4.1
ORsquid-cachesquidMatch3.4.4.2
ORsquid-cachesquidMatch3.4.8
ORsquid-cachesquidMatch3.4.9
ORsquid-cachesquidMatch3.4.10
ORsquid-cachesquidMatch3.4.11
ORsquid-cachesquidMatch3.4.12
ORsquid-cachesquidMatch3.4.13
ORsquid-cachesquidMatch3.4.14
ORsquid-cachesquidMatch3.5.0.1
ORsquid-cachesquidMatch3.5.0.2
ORsquid-cachesquidMatch3.5.0.3
ORsquid-cachesquidMatch3.5.0.4
ORsquid-cachesquidMatch3.5.1
ORsquid-cachesquidMatch3.5.2
ORsquid-cachesquidMatch3.5.3
ORsquid-cachesquidMatch3.5.4
ORsquid-cachesquidMatch3.5.5
ORsquid-cachesquidMatch3.5.6
ORsquid-cachesquidMatch3.5.7
ORsquid-cachesquidMatch3.5.8
ORsquid-cachesquidMatch3.5.9
ORsquid-cachesquidMatch3.5.10
ORsquid-cachesquidMatch3.5.11
ORsquid-cachesquidMatch3.5.12
ORsquid-cachesquidMatch3.5.13
ORsquid-cachesquidMatch3.5.14
ORsquid-cachesquidMatch3.5.15
ORsquid-cachesquidMatch3.5.16
ORsquid-cachesquidMatch4.0.1
ORsquid-cachesquidMatch4.0.2
ORsquid-cachesquidMatch4.0.3
ORsquid-cachesquidMatch4.0.4
ORsquid-cachesquidMatch4.0.5
ORsquid-cachesquidMatch4.0.6
ORsquid-cachesquidMatch4.0.7
ORsquid-cachesquidMatch4.0.8
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | 12.04 | cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:* |
| canonical | ubuntu_linux | 14.04 | cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* |
| canonical | ubuntu_linux | 15.10 | cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:* |
| canonical | ubuntu_linux | 16.04 | cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* |
| oracle | linux | 6 | cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:* |
| oracle | linux | 7 | cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:* |
| squid-cache | squid | 2.0 | cpe:2.3:a:squid-cache:squid:2.0:*:*:*:*:*:*:* |
| squid-cache | squid | 2.1 | cpe:2.3:a:squid-cache:squid:2.1:*:*:*:*:*:*:* |
| squid-cache | squid | 2.2 | cpe:2.3:a:squid-cache:squid:2.2:*:*:*:*:*:*:* |
| squid-cache | squid | 2.3 | cpe:2.3:a:squid-cache:squid:2.3:*:*:*:*:*:*:* |
References
lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
lists.opensuse.org/opensuse-updates/2016-08/msg00069.html
www.debian.org/security/2016/dsa-3625
www.openwall.com/lists/oss-security/2016/04/20/6
www.openwall.com/lists/oss-security/2016/04/20/9
www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
www.securityfocus.com/bid/86788
www.securityfocus.com/bid/91787
www.securitytracker.com/id/1035646
www.squid-cache.org/Advisories/SQUID-2016_5.txt
www.ubuntu.com/usn/USN-2995-1
access.redhat.com/errata/RHSA-2016:1138
access.redhat.com/errata/RHSA-2016:1139
access.redhat.com/errata/RHSA-2016:1140
security.gentoo.org/glsa/201607-01
Related
debian
debian
[SECURITY] [DLA 556-1] squid3 security update
2016-07-23 07:02:56
[SECURITY] [DSA 3625-1] squid3 security update
2016-07-22 09:16:22
[SECURITY] [DSA 3625-1] squid3 security update
2016-07-22 09:16:22
nessus
nessus
Squid 2.x / 3.x < 3.5.17 / 4.x < 4.0.9 cachemgr.cgi RCE
2016-05-17 00:00:00
Debian DLA-556-1 : squid3 security update
2016-07-25 00:00:00
CentOS 6 : squid (CESA-2016:1573)
2016-08-05 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:12:11
Remote Code Execution (RCE)
2019-01-15 09:12:43
ubuntucve
ubuntucve
CVE-2016-4051
2016-04-25 00:00:00
CVE-2016-5408
2016-08-10 00:00:00
prion
prion
Buffer overflow
2016-04-25 14:59:00
Stack overflow
2016-08-10 14:59:00
osv
osv
squid3 - security update
2016-07-23 00:00:00
squid3 - security update
2016-05-16 00:00:00
squid3 - security update
2016-07-22 00:00:00
nvd
nvd
CVE-2016-4051
2016-04-25 14:59:02
CVE-2016-5408
2016-08-10 14:59:02
openvas
openvas
Mageia: Security Advisory (MGASA-2016-0148)
2016-05-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:2147-1)
2021-06-09 00:00:00
Debian: Security Advisory (DLA-556-1)
2023-03-08 00:00:00
debiancve
debiancve
CVE-2016-4051
2016-04-25 14:59:02
CVE-2016-5408
2016-08-10 14:59:00
cvelist
cvelist
CVE-2016-4051
2016-04-25 14:00:00
CVE-2016-5408
2016-08-10 14:00:00
mageia
mageia
Updated squid packages fix CVE-2016-4051
2016-04-25 10:57:21
amazon
amazon
Medium: squid
2016-08-17 13:30:00
Medium: squid
2016-06-15 13:30:00
redhat
redhat
(RHSA-2016:1573) Moderate: squid security update
2016-08-04 11:33:19
(RHSA-2016:1138) Moderate: squid security update
2016-05-31 04:53:29
(RHSA-2016:1139) Moderate: squid security update
2016-05-31 04:53:29
cve
cve
CVE-2016-5408
2016-08-10 14:59:02
centos
centos
squid security update
2016-08-04 12:51:39
squid security update
2016-05-31 10:56:37
squid security update
2016-05-31 11:59:06
archlinux
archlinux
squid: multiple issues
2016-04-23 00:00:00
freebsd
freebsd
squid -- multiple vulnerabilities
2016-04-20 00:00:00
oraclelinux
oraclelinux
squid security update
2016-05-31 00:00:00
squid security update
2016-05-31 00:00:00
squid34 security update
2016-05-31 00:00:00
ubuntu
ubuntu
Squid vulnerabilities
2016-06-09 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: squid-3.5.19-2.fc24
2016-07-12 20:35:35
[SECURITY] Fedora 23 Update: squid-3.5.10-4.fc23
2016-07-13 00:00:11
gentoo
gentoo
Squid: Multiple vulnerabilities
2016-07-09 00:00:00
suse
suse
Security update for squid3 (important)
2016-08-09 17:12:26
Security update for squid3 (important)
2016-08-16 18:08:55
oracle
oracle
Oracle Critical Patch Update - July 2016
2016-07-19 00:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
8.8
Confidence
High
EPSS
0.014
Percentile
86.4%
Related for CVE-2016-4051