CVE-2015-3455

Severity: low

Description

Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.

References

http://advisories.mageia.org/MGASA-2015-0191.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html

http://lists.opensuse.org/opensuse-updates/2015-09/msg00016.html

http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html

http://rhn.redhat.com/errata/RHSA-2015-2378.html

http://www.mandriva.com/security/advisories?name=MDVSA-2015:230

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.securityfocus.com/bid/74438

http://www.securitytracker.com/id/1032221

http://www.squid-cache.org/Advisories/SQUID-2015_1.txt

Details

Source: MITRE

Published: 2015-05-18

Updated: 2019-12-27

Type: CWE-20

Risk Information

CVSS v2

Base Score: 2.6

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 4.9

Severity: LOW

Vulnerable Software

Configuration 1 (any of the following):

cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*

cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*

Configuration 2 (any of the following):

cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.13:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.13:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.7:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.8:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.9:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.10:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.11:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.12:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.5.0.4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.5.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.5.2:*:*:*:*:*:*:*

Configuration 3 (any of the following):

cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

Tenable Plugins

ID | Name | Product | Family | Severity
--- | --- | --- | --- | ---
93279 | SUSE SLES12 Security Update : squid (SUSE-SU-2016:2008-1) | Nessus | SuSE Local Security Checks | high
92994 | openSUSE Security Update : squid (openSUSE-2016-988) | Nessus | SuSE Local Security Checks | high
90960 | Fedora 22 : libecap-1.0.0-1.fc22 / squid-3.5.10-1.fc22 (2016-7b40eb9e29) | Nessus | Fedora Local Security Checks | medium
87574 | Scientific Linux Security Update : squid on SL7.x x86_64 (20151119) | Nessus | Scientific Linux Local Security Checks | low
87154 | CentOS 7 : squid (CESA-2015:2378) | Nessus | CentOS Local Security Checks | low
87037 | Oracle Linux 7 : squid (ELSA-2015-2378) | Nessus | Oracle Linux Local Security Checks | low
86986 | RHEL 7 : squid (RHSA-2015:2378) | Nessus | Red Hat Local Security Checks | low
8869 | Squid 3.2.x < 3.2.14 / 3.3.x < 3.3.14 / 3.4.x < 3.4.13 / 3.5.x < 3.5.4 X.509 Certificate Validation Vulnerability | Nessus Network Monitor | Web Servers | medium
85927 | openSUSE Security Update : squid (openSUSE-2015-581) | Nessus | SuSE Local Security Checks | low
84555 | FreeBSD : squid -- client-first SSL-bump does not correctly validate X509 server certificate (b6da24da-23f7-11e5-a4a5-002590263bf5) | Nessus | FreeBSD Local Security Checks | low
83529 | Squid 3.2 < 3.5.4 Incorrect X509 Server Certificate Validation Vulnerability | Nessus | Firewalls | low
83276 | Mandriva Linux Security Advisory : squid (MDVSA-2015:230) | Nessus | Mandriva Local Security Checks | low