Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2015-3455HistoryMay 18, 2015 - 3:59 p.m.
CVE-2015-3455
2015-05-1815:59:00
Debian Security Bug Tracker
security-tracker.debian.org
10
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
0.017 Low
EPSS
Percentile
87.5%
Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | squid | < 4.1-1 | squid_4.1-1_all.deb |
| Debian | 11 | all | squid | < 4.1-1 | squid_4.1-1_all.deb |
| Debian | 10 | all | squid | < 4.1-1 | squid_4.1-1_all.deb |
| Debian | 999 | all | squid | < 4.1-1 | squid_4.1-1_all.deb |
| Debian | 13 | all | squid | < 4.1-1 | squid_4.1-1_all.deb |
Related
nessus
nessus
Scientific Linux Security Update : squid on SL7.x x86_64 (20151119)
2015-12-22 00:00:00
Squid 3.2 < 3.5.4 Incorrect X509 Server Certificate Validation Vulnerability
2015-05-19 00:00:00
redhat
redhat
(RHSA-2015:2378) Moderate: squid security and bug fix update
2015-11-19 13:41:16
mageia
mageia
Updated squid packages fix CVE-2015-3455
2015-05-05 16:36:50
securityvulns
securityvulns
[ MDVSA-2015:230 ] squid
2015-05-11 00:00:00
squid insufficient certificate validation
2015-05-11 00:00:00
archlinux
archlinux
squid: weak certificate validation
2015-05-01 00:00:00
centos
centos
squid security update
2015-11-30 19:52:33
ubuntucve
ubuntucve
CVE-2015-3455
2015-05-18 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0191)
2022-01-28 00:00:00
Squid SSL-Bump Certificate Validation Bypass Vulnerability (SQUID-2015:1)
2015-09-08 00:00:00
Oracle: Security Advisory (ELSA-2015-2378)
2015-11-24 00:00:00
oraclelinux
oraclelinux
squid security and bug fix update
2015-11-23 00:00:00
prion
prion
Code injection
2015-05-18 15:59:00
freebsd
freebsd
cve
cve
CVE-2015-3455
2015-05-18 15:59:00
checkpoint_advisories
checkpoint_advisories
fedora
fedora
[SECURITY] Fedora 22 Update: libecap-1.0.0-1.fc22
2016-05-06 19:58:05
[SECURITY] Fedora 22 Update: squid-3.5.10-1.fc22
2016-05-06 19:58:05
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
0.017 Low
EPSS
Percentile
87.5%
Related for DEBIANCVE:CVE-2015-3455