Vulnerabilities > Squid Cache > Squid > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-02-27 CVE-2016-2571 Improper Input Validation vulnerability in Squid-Cache Squid
http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
network
low complexity
squid-cache CWE-20
5.0
2016-02-27 CVE-2016-2570 Improper Input Validation vulnerability in Squid-Cache Squid
The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.
network
low complexity
squid-cache CWE-20
5.0
2016-02-27 CVE-2016-2569 Improper Input Validation vulnerability in Squid-Cache Squid
Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.
network
low complexity
squid-cache CWE-20
5.0
2015-11-06 CVE-2014-9749 Permissions, Privileges, and Access Controls vulnerability in multiple products
Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."
network
low complexity
squid-cache opensuse CWE-264
4.0
2015-09-28 CVE-2015-5400 Permissions, Privileges, and Access Controls vulnerability in multiple products
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
6.8
2015-02-20 CVE-2015-0881 HTTP Header Injection vulnerability in Squid
CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.
network
squid-cache
4.3
2014-11-26 CVE-2014-7142 Improper Input Validation vulnerability in multiple products
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.
network
low complexity
oracle canonical squid-cache CWE-20
6.4
2014-11-26 CVE-2014-7141 Data Processing Errors vulnerability in Squid-Cache Squid
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.
network
low complexity
squid-cache CWE-19
6.4
2014-09-12 CVE-2014-6270 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.
6.8
2014-09-11 CVE-2014-3609 Improper Input Validation vulnerability in Squid-Cache Squid
HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values."
network
low complexity
squid-cache CWE-20
5.0