Vulnerabilities > Squid Cache > Squid > 3.0.stable25

DATE CVE VULNERABILITY TITLE RISK
2018-11-09 CVE-2018-19131 Cross-site Scripting vulnerability in Squid-Cache Squid
Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.
network
low complexity
squid-cache CWE-79
6.1
2018-02-09 CVE-2018-1000027 NULL Pointer Dereference vulnerability in multiple products
The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy.
network
low complexity
squid-cache debian canonical CWE-476
7.5
2018-02-09 CVE-2018-1000024 The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy..
network
low complexity
squid-cache debian canonical
7.5
2016-05-10 CVE-2016-4554 Insufficient Verification of Data Authenticity vulnerability in multiple products
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.
network
low complexity
oracle squid-cache canonical CWE-345
8.6
2016-05-10 CVE-2016-4553 Insufficient Verification of Data Authenticity vulnerability in multiple products
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.
network
low complexity
canonical squid-cache oracle CWE-345
8.6
2016-04-19 CVE-2016-2390 Improper Input Validation vulnerability in Squid-Cache Squid
The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.
network
high complexity
squid-cache CWE-20
5.9
2016-04-07 CVE-2016-3948 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Squid-Cache Squid
Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.
network
low complexity
squid-cache CWE-119
7.5
2016-04-07 CVE-2016-3947 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet.
network
low complexity
squid-cache canonical CWE-119
8.2
2016-02-27 CVE-2016-2571 Improper Input Validation vulnerability in Squid-Cache Squid
http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
network
low complexity
squid-cache CWE-20
7.5
2016-02-27 CVE-2016-2570 Improper Input Validation vulnerability in Squid-Cache Squid
The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.
network
low complexity
squid-cache CWE-20
7.5