Vulnerability Details : CVE-2016-4553
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.
Products affected by CVE-2016-4553
- cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:4.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:4.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:4.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*
Threat overview for CVE-2016-4553
Top countries where our scanners detected CVE-2016-4553
Top open port discovered on systems with this issue
80
IPs affected by CVE-2016-4553 343,642
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2016-4553!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2016-4553
46.39%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-4553
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST | |
8.6
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N |
3.9
|
4.0
|
NIST |
CWE ids for CVE-2016-4553
-
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-4553
-
http://www.squid-cache.org/Advisories/SQUID-2016_7.txt
Vendor Advisory
-
http://www.debian.org/security/2016/dsa-3625
Debian -- Security Information -- DSA-3625-1 squid3
-
http://bugs.squid-cache.org/show_bug.cgi?id=4501
Bug 4501 – Host of Troubles: General HTTP Cache Poisoning Attack against SquidVendor Advisory
-
https://access.redhat.com/errata/RHSA-2016:1139
RHSA-2016:1139 - Security Advisory - Red Hat Customer Portal
-
https://access.redhat.com/errata/RHSA-2016:1140
RHSA-2016:1140 - Security Advisory - Red Hat Customer Portal
-
http://www.ubuntu.com/usn/USN-2995-1
USN-2995-1: Squid vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
[security-announce] SUSE-SU-2016:2089-1: important: Security update for
-
http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html
openSUSE-SU-2016:2081-1: moderate: Security update for squid
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Oracle Linux Bulletin - April 2016Third Party Advisory
-
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14039.patch
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
[security-announce] SUSE-SU-2016:1996-1: important: Security update for
-
http://www.securitytracker.com/id/1035768
Squid Host Header Processing Lets Remote Users Bypass Security and Poison the Proxy Cache - SecurityTrackerThird Party Advisory
-
https://security.gentoo.org/glsa/201607-01
Squid: Multiple vulnerabilities (GLSA 201607-01) — Gentoo security
Jump to