CVE-2014-9749
Published 2015-11-06
CVE-2014-9749: Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a…
Priority P4 · 25 · medium · 4 · CVSS 2.0
AV:N/AC:L/Au:S/C:N/I:P/A:N
EPSS
11.44%
95.5th percentile
Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | squid | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
CVSS provenance
nvd · v2.0 · 4.0 · MEDIUM · AV:N/AC:L/Au:S/C:N/I:P/A:N
vendor_debian · 4.0 · LOW
vendor_redhat · 4.0 · MEDIUM
GHSA
GHSA-4g27-gq63-x5mg: Squid 3
ghsa_unreviewed·2022-05-14
CVE-2014-9749 [MEDIUM] GHSA-4g27-gq63-x5mg: Squid 3
Red Hat
squid: Nonce replay vulnerability in Digest authentication
vendor_redhat·2015-01-28·CVSS 4.0
CVE-2014-9749 [MEDIUM] squid: Nonce replay vulnerability in Digest authentication
Package: squid (Red Hat Enterprise Linux 5) - Will not fix
Package: squid (Red Hat Enterprise Linux 6) - Will not fix
Package: squid (Red Hat Enterprise Linux 7) - Will not fix
Debian
CVE-2014-9749: squid - Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication...
vendor_debian·2014·CVSS 4.0
CVE-2014-9749 [MEDIUM] CVE-2014-9749: squid - Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication...
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.
http://bugs.squid-cache.org/show_bug.cgi?id=4066
http://lists.opensuse.org/opensuse-updates/2015-10/msg00052.html
http://www.openwall.com/lists/oss-security/2015/10/01/1
http://www.openwall.com/lists/oss-security/2015/10/11/4
http://www.openwall.com/lists/oss-security/2015/10/12/2
Published: 2015-11-06