Squid@4.0.7 Security Vulnerabilities and Issues — Squid@4.0.7 CVE List

Lucene search

Squid-cacheSquid4.0.7

10 matches found

CVE•added 2017/01/27 5:59 p.m.•221 views

CVE-2016-10002

Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe ...

7.5CVSS7.2AI score0.10413EPSS

CVE•added 2016/04/25 2:59 p.m.•183 views

CVE-2016-4054

Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.

8.1CVSS8.7AI score0.77003EPSS

CVE•added 2016/04/25 2:59 p.m.•138 views

CVE-2016-4051

Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.

8.8CVSS8.8AI score0.05513EPSS

CVE•added 2016/04/25 2:59 p.m.•126 views

CVE-2016-4052

Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.

8.1CVSS8.5AI score0.13625EPSS

CVE•added 2016/05/10 7:59 p.m.•111 views

CVE-2016-4556

Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.

7.5CVSS7.5AI score0.56857EPSS

CVE•added 2016/04/25 2:59 p.m.•108 views

CVE-2016-4053

Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.

4.3CVSS5.8AI score0.09506EPSS

CVE•added 2016/05/10 7:59 p.m.•105 views

CVE-2016-4555

client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.

7.5CVSS7.5AI score0.68924EPSS

CVE•added 2016/04/07 6:59 p.m.•85 views

CVE-2016-3948

Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.

7.5CVSS7.2AI score0.59748EPSS

CVE•added 2016/04/07 6:59 p.m.•84 views

CVE-2016-3947

Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 pac...

8.2CVSS8.1AI score0.7881EPSS

CVE•added 2016/05/10 7:59 p.m.•83 views

CVE-2016-4553

client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.

8.6CVSS8.2AI score0.8591EPSS