CVE
- Id: 91373
- CVE No.: CVE-2016-4554
- Status: Candidate
- Description: mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.
- Phase: Assigned (20160506)
- Votes: None (candidate not yet proposed)
- Comments:
Related CVE References
Id | CVE Id | CVE No. | Reference |
---|---|---|---|
784846 | 91373 | CVE-2016-4554 | CONFIRM:http://www.squid-cache.org/Advisories/SQUID-2016_8.txt |
784847 | 91373 | CVE-2016-4554 | CONFIRM:http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2016_8.patch |
784848 | 91373 | CVE-2016-4554 | CONFIRM:http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2016_8.patch |
784849 | 91373 | CVE-2016-4554 | CONFIRM:http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_8.patch |
784850 | 91373 | CVE-2016-4554 | CONFIRM:http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_8.patch |
784851 | 91373 | CVE-2016-4554 | CONFIRM:http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_8.patch |
784852 | 91373 | CVE-2016-4554 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html |
784853 | 91373 | CVE-2016-4554 | DEBIAN:DSA-3625 |
784854 | 91373 | CVE-2016-4554 | URL:http://www.debian.org/security/2016/dsa-3625 |
784855 | 91373 | CVE-2016-4554 | GENTOO:GLSA-201607-01 |
784856 | 91373 | CVE-2016-4554 | URL:https://security.gentoo.org/glsa/201607-01 |
784857 | 91373 | CVE-2016-4554 | REDHAT:RHSA-2016:1138 |
784858 | 91373 | CVE-2016-4554 | URL:https://access.redhat.com/errata/RHSA-2016:1138 |
784859 | 91373 | CVE-2016-4554 | REDHAT:RHSA-2016:1139 |
784860 | 91373 | CVE-2016-4554 | URL:https://access.redhat.com/errata/RHSA-2016:1139 |
784861 | 91373 | CVE-2016-4554 | REDHAT:RHSA-2016:1140 |
784862 | 91373 | CVE-2016-4554 | URL:https://access.redhat.com/errata/RHSA-2016:1140 |
784863 | 91373 | CVE-2016-4554 | SUSE:openSUSE-SU-2016:2081 |
784864 | 91373 | CVE-2016-4554 | URL:http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html |
784865 | 91373 | CVE-2016-4554 | SUSE:SUSE-SU-2016:1996 |
784866 | 91373 | CVE-2016-4554 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html |
784867 | 91373 | CVE-2016-4554 | SUSE:SUSE-SU-2016:2089 |
784868 | 91373 | CVE-2016-4554 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html |
784869 | 91373 | CVE-2016-4554 | UBUNTU:USN-2995-1 |
784870 | 91373 | CVE-2016-4554 | URL:http://www.ubuntu.com/usn/USN-2995-1 |
784871 | 91373 | CVE-2016-4554 | SECTRACK:1035769 |
Related JVN
Id | JVN No. | Title | Summary | CVE No. | CVE Id | CVSS_v2 | CVSS_v3 | JVN URL |
---|---|---|---|---|---|---|---|---|
180 | JVNDB-2016-000187 | Access restriction vulnerability in the Project function of Cybozu Office | Cybozu Office, provided by Cybozu, Inc., contains an access restriction vulnerability in its Project function. | CVE-2016-4867 | 91373 | 4 | 4.3 | http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000187.html |