nessus Tenable 9776.PRM
Nov 11, 2016 - 12:00 a.m.

Squid 3.5.x < 3.5.18 Multiple Vulnerabilities

2016-11-11 00:00:00
Tenable
www.tenable.com
10

Versions of Squid 3.5.x prior to 3.5.18 are affected by multiple vulnerabilities:

  • A flaw is triggered as input is not properly validated when handling HTTP request messages. This may allow a remote attacker to conduct a cache poisoning attack.
  • A flaw is triggered as input is not properly sanitized when handling specially crafted Host headers. This may allow a remote attacker to bypass same-origin protection mechanisms and cause the program to contact the wrong origin server. This may also poison downstream caches.
  • Flaws in pointer handling and reference counting are triggered when handling specially crafted ESI response syntax. This may allow a remote server to cause a denial of service for Squid clients.

Vendor | Product | Version | CPE
squid-cache | squid | | cpe:/a:squid-cache:squid