Squid Security Vulnerabilities and Issues — Squid CVE List

Lucene search

Squid-cacheSquid

4 matches found

CVE•added 2015/02/20 11:59 a.m.•74 views

CVE-2015-0881

CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.

4.3CVSS7AI score0.01809EPSS

CVE•added 2015/05/18 3:59 p.m.•69 views

CVE-2015-3455

Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificat...

2.6CVSS7.2AI score0.05013EPSS

CVE•added 2015/09/28 8:59 p.m.•65 views

CVE-2015-5400

Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.

6.8CVSS6.9AI score0.2154EPSS

CVE•added 2015/11/06 9:59 p.m.•51 views

CVE-2014-9749

Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."

4CVSS7.2AI score0.02832EPSS