CVE-2016-4554

HIGH
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.

References

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html

http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html

http://www.debian.org/security/2016/dsa-3625

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://www.securitytracker.com/id/1035769

http://www.squid-cache.org/Advisories/SQUID-2016_8.txt

http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2016_8.patch

http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2016_8.patch

http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_8.patch

http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_8.patch

http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_8.patch

http://www.ubuntu.com/usn/USN-2995-1

https://access.redhat.com/errata/RHSA-2016:1138

https://access.redhat.com/errata/RHSA-2016:1139

https://access.redhat.com/errata/RHSA-2016:1140

https://security.gentoo.org/glsa/201607-01

Details

Source: MITRE

Published: 2016-05-10

Updated: 2019-12-27

Type: CWE-345

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 8.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Impact Score: 4

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*

cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:* versions up to 3.5.17 (inclusive)

Configuration 3

OR

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

Tenable Plugins

View all (29 total)

IDNameProductFamilySeverity
108809Squid < 3.5.18 Host Header Handling Same-Origin Protection / Content Filtering Bypass (SQUID-2016:8)NessusFirewalls
high
99788EulerOS 2.0 SP1 : squid (EulerOS-SA-2016-1025)NessusHuawei Local Security Checks
high
9776Squid 3.5.x < 3.5.18 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
medium
93306SUSE SLES11 Security Update : squid (SUSE-SU-2016:2147-1)NessusSuSE Local Security Checks
high
93294SUSE SLES11 Security Update : squid3 (SUSE-SU-2016:2089-1)NessusSuSE Local Security Checks
high
93279SUSE SLES12 Security Update : squid (SUSE-SU-2016:2008-1)NessusSuSE Local Security Checks
high
93271SUSE SLES11 Security Update : squid3 (SUSE-SU-2016:1996-1)NessusSuSE Local Security Checks
high
92994openSUSE Security Update : squid (openSUSE-2016-988)NessusSuSE Local Security Checks
high
92545Debian DLA-558-1 : squid security updateNessusDebian Local Security Checks
high
92525Debian DSA-3625-1 : squid3 - security updateNessusDebian Local Security Checks
high
92285Fedora 23 : 7:squid (2016-b3b9407940)NessusFedora Local Security Checks
high
92268Fedora 24 : 7:squid (2016-95edf19d8a)NessusFedora Local Security Checks
high
91982GLSA-201607-01 : Squid: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
91646Scientific Linux Security Update : squid on SL6.x i386/x86_64 (20160531)NessusScientific Linux Local Security Checks
high
91645Scientific Linux Security Update : squid34 on SL6.x i386/x86_64 (20160531)NessusScientific Linux Local Security Checks
high
91627Amazon Linux AMI : squid (ALAS-2016-713)NessusAmazon Linux Local Security Checks
high
91558Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : squid3 vulnerabilities (USN-2995-1)NessusUbuntu Local Security Checks
high
91513Scientific Linux Security Update : squid on SL7.x x86_64 (20160531)NessusScientific Linux Local Security Checks
high
91417Oracle Linux 6 : squid34 (ELSA-2016-1140)NessusOracle Linux Local Security Checks
high
91416Oracle Linux 7 : squid (ELSA-2016-1139)NessusOracle Linux Local Security Checks
high
91415Oracle Linux 6 : squid (ELSA-2016-1138)NessusOracle Linux Local Security Checks
high
91393CentOS 6 : squid34 (CESA-2016:1140)NessusCentOS Local Security Checks
high
91392CentOS 7 : squid (CESA-2016:1139)NessusCentOS Local Security Checks
high
91391CentOS 6 : squid (CESA-2016:1138)NessusCentOS Local Security Checks
high
91383RHEL 6 : squid34 (RHSA-2016:1140)NessusRed Hat Local Security Checks
high
91382RHEL 7 : squid (RHSA-2016:1139)NessusRed Hat Local Security Checks
high
91381RHEL 6 : squid (RHSA-2016:1138)NessusRed Hat Local Security Checks
high
91173Debian DLA-478-1 : squid3 security updateNessusDebian Local Security Checks
high
90980FreeBSD : squid -- multiple vulnerabilities (25e5205b-1447-11e6-9ead-6805ca0b3d42)NessusFreeBSD Local Security Checks
high