Shodan
Vulnerabilities
Vulnerable Software
Squid-Cache:  >> Squid  >> 3.4.12  Security Vulnerabilities
CVE-2016-3947
Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet.
CVSS Score
8.2
EPSS Score
0.539
Published
2016-04-07
CVE-2016-2571
http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
CVSS Score
7.5
EPSS Score
0.156
Published
2016-02-27
CVE-2016-2570
The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.
CVSS Score
7.5
EPSS Score
0.058
Published
2016-02-27
CVE-2016-2569
Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.
CVSS Score
7.5
EPSS Score
0.658
Published
2016-02-27
CVE-2014-9749
Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."
CVSS Score
4.0
EPSS Score
0.011
Published
2015-11-06
CVE-2015-5400
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
CVSS Score
6.8
EPSS Score
0.336
Published
2015-09-28
CVE-2015-3455
Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.
CVSS Score
2.6
EPSS Score
0.021
Published
2015-05-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved