Lucene search

K

PRIOn knowledge basePRION:CVE-2016-4553

HistoryMay 10, 2016 - 7:59 p.m.

Cross site request forgery (csrf)

2016-05-1019:59:00

PRIOn knowledge base

www.prio-n.com

9

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.529 Medium

EPSS

Percentile

97.5%

client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.

CPENameOperatorVersion
ubuntu_linuxeq12.04
ubuntu_linuxeq16.04
ubuntu_linuxeq15.10
ubuntu_linuxeq14.04
linuxeq7
squidle3.5.17
squideq4.0.5
squideq4.0.3
squideq4.0.1
squideq4.0.8

Rows per page:

1-10 of 151

References

bugs.squid-cache.org/show_bug.cgi?id=4501

lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html

lists.opensuse.org/opensuse-updates/2016-08/msg00069.html

www.debian.org/security/2016/dsa-3625

www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

www.securitytracker.com/id/1035768

www.squid-cache.org/Advisories/SQUID-2016_7.txt

www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14039.patch

www.ubuntu.com/usn/USN-2995-1

access.redhat.com/errata/RHSA-2016:1139

access.redhat.com/errata/RHSA-2016:1140

security.gentoo.org/glsa/201607-01

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.529 Medium

EPSS

Percentile

97.5%

Related for PRION:CVE-2016-4553

checkpoint_advisories1 ubuntucve1 cve1 openvas15 debiancve1 nessus20 redhatcve1 mageia1 freebsd1 altlinux1 oraclelinux3 redhat2 centos2 ubuntu1 fedora2 gentoo1 suse2