Vulnerabilities > Squid Cache > Squid > 3.4.11
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-02-27 | CVE-2016-2569 | Improper Input Validation vulnerability in Squid-Cache Squid Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header. | 5.0 |
2015-11-06 | CVE-2014-9749 | Permissions, Privileges, and Access Controls vulnerability in multiple products Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability." | 4.0 |
2015-09-28 | CVE-2015-5400 | Permissions, Privileges, and Access Controls vulnerability in multiple products Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request. | 6.8 |
2015-05-18 | CVE-2015-3455 | Improper Input Validation vulnerability in multiple products Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate. | 2.6 |