CVE-2016-4553

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.

References

http://bugs.squid-cache.org/show_bug.cgi?id=4501

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html

http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html

http://www.debian.org/security/2016/dsa-3625

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://www.securitytracker.com/id/1035768

http://www.squid-cache.org/Advisories/SQUID-2016_7.txt

http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14039.patch

http://www.ubuntu.com/usn/USN-2995-1

https://access.redhat.com/errata/RHSA-2016:1139

https://access.redhat.com/errata/RHSA-2016:1140

https://security.gentoo.org/glsa/201607-01

Details

Source: MITRE

Published: 2016-05-10

Updated: 2019-12-27

Type: CWE-345

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 8.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Impact Score: 4

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

Configuration 2

OR

cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:* versions up to 3.5.17 (inclusive)

Configuration 3

OR

cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:4.0.7:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:4.0.8:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:4.0.9:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*

Tenable Plugins

View all (21 total)

IDNameProductFamilySeverity
119722Squid 3.2.0.11 < 3.x < 3.5.18 / 4.x < 4.0.10 Cache Poisoning Vulnerability (SQUID-2016:7)NessusFirewalls
high
99788EulerOS 2.0 SP1 : squid (EulerOS-SA-2016-1025)NessusHuawei Local Security Checks
high
9776Squid 3.5.x < 3.5.18 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
medium
93294SUSE SLES11 Security Update : squid3 (SUSE-SU-2016:2089-1)NessusSuSE Local Security Checks
high
93279SUSE SLES12 Security Update : squid (SUSE-SU-2016:2008-1)NessusSuSE Local Security Checks
high
93271SUSE SLES11 Security Update : squid3 (SUSE-SU-2016:1996-1)NessusSuSE Local Security Checks
high
92994openSUSE Security Update : squid (openSUSE-2016-988)NessusSuSE Local Security Checks
high
92525Debian DSA-3625-1 : squid3 - security updateNessusDebian Local Security Checks
high
92285Fedora 23 : 7:squid (2016-b3b9407940)NessusFedora Local Security Checks
high
92268Fedora 24 : 7:squid (2016-95edf19d8a)NessusFedora Local Security Checks
high
91982GLSA-201607-01 : Squid: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
91645Scientific Linux Security Update : squid34 on SL6.x i386/x86_64 (20160531)NessusScientific Linux Local Security Checks
high
91558Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : squid3 vulnerabilities (USN-2995-1)NessusUbuntu Local Security Checks
high
91513Scientific Linux Security Update : squid on SL7.x x86_64 (20160531)NessusScientific Linux Local Security Checks
high
91417Oracle Linux 6 : squid34 (ELSA-2016-1140)NessusOracle Linux Local Security Checks
high
91416Oracle Linux 7 : squid (ELSA-2016-1139)NessusOracle Linux Local Security Checks
high
91393CentOS 6 : squid34 (CESA-2016:1140)NessusCentOS Local Security Checks
high
91392CentOS 7 : squid (CESA-2016:1139)NessusCentOS Local Security Checks
high
91383RHEL 6 : squid34 (RHSA-2016:1140)NessusRed Hat Local Security Checks
high
91382RHEL 7 : squid (RHSA-2016:1139)NessusRed Hat Local Security Checks
high
90980FreeBSD : squid -- multiple vulnerabilities (25e5205b-1447-11e6-9ead-6805ca0b3d42)NessusFreeBSD Local Security Checks
high