CVE-2015-5400

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 28-09-2015 10:59

Last modified: - 04-10-2022 08:28

Total changes: - 2

Description

Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:P/I:P/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

Low

Confidentiality

Low

Integrity

Privileges required

Scope

User interaction

6.8

Base score

8.6

6.4

Exploitability score

Impact score

Verification logic

Reference

[oss-security] 20150706 Squid HTTP proxy CVE request-
DSA-3327-
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10494.patch
http://www.squid-cache.org/Advisories/SQUID-2015_2.txt
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13856.patch
[oss-security] 20150710 Re: Squid HTTP proxy CVE request-
http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13225.patch
[oss-security] 20150709 Re: Squid HTTP proxy CVE request-
[oss-security] 20150717 Re: Re: Squid HTTP proxy CVE request-Exploit
FEDORA-2016-7b40eb9e29-
SUSE-SU-2016:2089-
75553-
SUSE-SU-2016:1996-
openSUSE-SU-2016:2081-
1032873-

Keywords

CVE-2015-5400

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2015-5400

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures