CVE-2016-4553
published 2016-05-10CVE-2016-4553: client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote…
high8.6CVSS 3.0
AVNACLPRNUINSCCNIHAN
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | squid | — | — |
| oracle | linux | — | — |
| squid-cache | squid | <= 3.5.17 | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
CVSS provenance
nvdv3.08.6HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
osv8.6HIGH