Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Squid
(Squid\-Cache)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 99 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-04-15 | CVE-2019-12524 | An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource. | Ubuntu_linux, Debian_linux, Squid | 9.8 | ||
| 2018-11-09 | CVE-2018-19132 | Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet. | Debian_linux, Squid | 5.9 | ||
| 2016-05-10 | CVE-2016-4556 | Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response. | Ubuntu_linux, Linux, Squid | 7.5 | ||
| 2016-05-10 | CVE-2016-4555 | client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses. | Ubuntu_linux, Linux, Squid | 7.5 | ||
| 2016-05-10 | CVE-2016-4554 | mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue. | Ubuntu_linux, Linux, Squid | 8.6 | ||
| 2016-05-10 | CVE-2016-4553 | client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request. | Ubuntu_linux, Linux, Squid | 8.6 | ||
| 2016-04-25 | CVE-2016-4054 | Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses. | Ubuntu_linux, Linux, Squid | 8.1 | ||
| 2016-04-25 | CVE-2016-4053 | Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization. | Ubuntu_linux, Linux, Squid | 3.7 | ||
| 2016-04-25 | CVE-2016-4051 | Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data. | Ubuntu_linux, Linux, Squid | 8.8 | ||
| 2015-05-18 | CVE-2015-3455 | Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate. | Fedora, Linux, Solaris, Squid | N/A |