NVD

Id
20170  
Name
CVE-2016-4553  
Description
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2016-05-10  
Modified Date
2016-11-29  
Seq
2016-4553  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
110057 20170 CVE-2016-4553 http://bugs.squid-cache.org/show_bug.cgi?id=4501  View
110058 20170 CVE-2016-4553 SUSE-SU-2016:1996  View
110059 20170 CVE-2016-4553 SUSE-SU-2016:2089  View
110060 20170 CVE-2016-4553 openSUSE-SU-2016:2081  View
110061 20170 CVE-2016-4553 DSA-3625  View
110062 20170 CVE-2016-4553 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html  View
110063 20170 CVE-2016-4553 1035768  View
110064 20170 CVE-2016-4553 http://www.squid-cache.org/Advisories/SQUID-2016_7.txt  View
110065 20170 CVE-2016-4553 http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14039.patch  View
110066 20170 CVE-2016-4553 USN-2995-1  View
110067 20170 CVE-2016-4553 RHSA-2016:1139  View
110068 20170 CVE-2016-4553 RHSA-2016:1140  View
110069 20170 CVE-2016-4553 GLSA-201607-01  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
1951 JVNDB-2016-002724 Squid の client_side.cc におけるキャッシュポイズニング攻撃を実行される脆弱性 Squid の client_side.cc は、絶対 URI が提供される場合、Host ヘッダを適切に無視しないため、キャッシュポイズニング攻撃を実行される脆弱性が存在します。 CVE-2016-4553 91059 CVE-2016-4553 20170 5 8.6 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-002724.html 2016-05-06 2016-11-17 View