Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2015-5400HistorySep 28, 2015 - 8:59 p.m.
CVE-2015-5400
2015-09-2820:59:00
Debian Security Bug Tracker
security-tracker.debian.org
10
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.009 Low
EPSS
Percentile
82.9%
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | squid | < 4.1-1 | squid_4.1-1_all.deb |
| Debian | 11 | all | squid | < 4.1-1 | squid_4.1-1_all.deb |
| Debian | 10 | all | squid | < 4.1-1 | squid_4.1-1_all.deb |
| Debian | 999 | all | squid | < 4.1-1 | squid_4.1-1_all.deb |
| Debian | 13 | all | squid | < 4.1-1 | squid_4.1-1_all.deb |
Related
debian
debian
[SECURITY] [DSA 3327-1] squid3 security update
2015-08-03 20:33:08
[SECURITY] [DSA 3327-1] squid3 security update
2015-08-03 20:33:08
[SECURITY] [DLA 286-1] squid3 security update
2015-07-30 08:53:00
osv
osv
squid3 - security update
2015-08-03 00:00:00
squid3 - security update
2015-07-30 00:00:00
cve
cve
CVE-2015-5400
2015-09-28 20:59:00
ubuntucve
ubuntucve
CVE-2015-5400
2015-09-28 00:00:00
prion
prion
Cross site request forgery (csrf)
2015-09-28 20:59:00
securityvulns
securityvulns
[SECURITY] [DSA 3327-1] squid3 security update
2015-08-10 00:00:00
squid restrictions bypass
2015-08-10 00:00:00
nessus
nessus
Debian DSA-3327-1 : squid3 - security update
2015-08-04 00:00:00
FreeBSD : squid -- Improper Protection of Alternate Path with CONNECT requests (150d1538-23fa-11e5-a4a5-002590263bf5)
2015-07-07 00:00:00
Squid 3.x < 3.5.6 Multiple Vulnerabilities
2015-10-13 00:00:00
freebsd
freebsd
squid -- Improper Protection of Alternate Path with CONNECT requests
2015-07-06 00:00:00
openvas
openvas
Squid 'cache_peer' Security Bypass Vulnerability (SQUID-2015:2)
2015-10-28 00:00:00
Debian: Security Advisory (DLA-286-1)
2023-03-08 00:00:00
Debian Security Advisory DSA 3327-1 (squid3 - security update)
2015-08-03 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package squid version 3.5.10-alt1
2015-10-20 00:00:00
mageia
mageia
Updated squid packages fix CVE-2015-5400
2015-09-08 20:55:59
fedora
fedora
[SECURITY] Fedora 22 Update: libecap-1.0.0-1.fc22
2016-05-06 19:58:05
[SECURITY] Fedora 22 Update: squid-3.5.10-1.fc22
2016-05-06 19:58:05
suse
suse
Security update for squid3 (important)
2016-08-09 17:12:26
Security update for squid3 (important)
2016-08-16 18:08:55
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.009 Low
EPSS
Percentile
82.9%
Related for DEBIANCVE:CVE-2015-5400