CVE-2014-9749Squid vulnerability

CWE-2646 documents6 sources
Severity
4.0MEDIUMNVD
EPSS
1.9%
top 16.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
OpensuseSquid-cache Squid
Timeline
PublishedNov 6
Latest updateMay 14

Description

Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

NVDsquid-cache/squid15 versions+14
NVDopensuse/opensuse13.1, 13.2+1

🔴Vulnerability Details

2
GHSA
GHSA-4g27-gq63-x5mg: Squid 32022-05-14
CVEList
CVE-2014-9749: Squid 32015-11-06

📋Vendor Advisories

2
Red Hat
squid: Nonce replay vulnerability in Digest authentication2015-01-28
Debian
CVE-2014-9749: squid - Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication...2014

💬Community

1
Bugzilla
CVE-2014-9749 squid: Nonce replay vulnerability in Digest authentication2015-01-28
CVE-2014-9749 — Squid-cache Squid vulnerability | cvebase