Squid Security Vulnerabilities and Issues — Squid CVE List

Lucene search

Squid-cacheSquid

4 matches found

CVE•added 2016/05/10 7:59 p.m.•111 views

CVE-2016-4556

Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.

7.5CVSS7.5AI score0.39329EPSS

CVE•added 2016/05/10 7:59 p.m.•105 views

CVE-2016-4555

client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.

7.5CVSS7.5AI score0.3805EPSS

CVE•added 2016/05/10 7:59 p.m.•88 views

CVE-2016-4554

mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.

8.6CVSS8.2AI score0.40573EPSS

CVE•added 2016/05/10 7:59 p.m.•83 views

CVE-2016-4553

client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.

8.6CVSS8.2AI score0.4504EPSS