CVE-2016-4554
published 2016-05-10
high 8.6 CVSS 3.0
AV:N / AC:L / PR:N / UI:N / S:C / C:N / I:H / A:N
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | squid | < squid 4.1-1 (bookworm) | squid 4.1-1 (bookworm) |
| oracle | linux | — | — |
| oracle | linux | — | — |
| squid-cache | squid | <= 3.5.17 | — |
| squid | squid | >= 0 < 4.1-1 | 4.1-1 |
| squid | squid | >= 0 < 4.1-1 | 4.1-1 |
| squid | squid | >= 0 < 4.1-1 | 4.1-1 |
| squid | squid | >= 0 < 4.1-1 | 4.1-1 |
CVSS provenance
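| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.6 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N |
| osv | | 8.6 | HIGH | |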