Lucene search
Ubuntu.comUB:CVE-2015-5400HistorySep 28, 2015 - 12:00 a.m.
CVE-2015-5400
2015-09-2800:00:00
ubuntu.com
ubuntu.com
8
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.009 Low
EPSS
Percentile
82.8%
Squid before 3.5.6 does not properly handle CONNECT method peer responses
when configured with cache_peer, which allows remote attackers to bypass
intended restrictions and gain access to a backend proxy via a CONNECT
request.
Bugs
Notes
| Author | Note |
|---|---|
| mdeslaur | non-default configuration, and needs substantial backporting There are no current plans to fix this CVE in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. |
Related
prion
prion
Cross site request forgery (csrf)
2015-09-28 20:59:00
debian
debian
[SECURITY] [DSA 3327-1] squid3 security update
2015-08-03 20:33:08
[SECURITY] [DSA 3327-1] squid3 security update
2015-08-03 20:33:08
[SECURITY] [DLA 286-1] squid3 security update
2015-07-30 08:53:00
osv
osv
squid3 - security update
2015-08-03 00:00:00
squid3 - security update
2015-07-30 00:00:00
cve
cve
CVE-2015-5400
2015-09-28 20:59:00
nessus
nessus
Debian DSA-3327-1 : squid3 - security update
2015-08-04 00:00:00
FreeBSD : squid -- Improper Protection of Alternate Path with CONNECT requests (150d1538-23fa-11e5-a4a5-002590263bf5)
2015-07-07 00:00:00
Squid 3.x < 3.5.6 Multiple Vulnerabilities
2015-10-13 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 3327-1] squid3 security update
2015-08-10 00:00:00
squid restrictions bypass
2015-08-10 00:00:00
freebsd
freebsd
squid -- Improper Protection of Alternate Path with CONNECT requests
2015-07-06 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-286-1)
2023-03-08 00:00:00
Squid 'cache_peer' Security Bypass Vulnerability (SQUID-2015:2)
2015-10-28 00:00:00
Debian Security Advisory DSA 3327-1 (squid3 - security update)
2015-08-03 00:00:00
mageia
mageia
Updated squid packages fix CVE-2015-5400
2015-09-08 20:55:59
altlinux
altlinux
Security fix for the ALT Linux 8 package squid version 3.5.10-alt1
2015-10-20 00:00:00
debiancve
debiancve
CVE-2015-5400
2015-09-28 20:59:00
fedora
fedora
[SECURITY] Fedora 22 Update: squid-3.5.10-1.fc22
2016-05-06 19:58:05
[SECURITY] Fedora 22 Update: libecap-1.0.0-1.fc22
2016-05-06 19:58:05
suse
suse
Security update for squid3 (important)
2016-08-09 17:12:26
Security update for squid3 (important)
2016-08-16 18:08:55
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.009 Low
EPSS
Percentile
82.8%
Related for UB:CVE-2015-5400