Unrated severity · NVD Advisory · Published Sep 28, 2015 · Updated May 6, 2026
CVE-2015-5400
Description
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
Affected products
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- osv-coords (5 versions):
  - pkg:rpm/opensuse/squid&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/squid3&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
  - pkg:rpm/suse/squid3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4
  - pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1
  - pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
- (no CPE) range: < 3.5.22-1.1
- (no CPE) range: < 3.1.23-8.16.30.1
- (no CPE) range: < 3.1.23-8.16.30.1
- (no CPE) range: < 3.3.14-20.2
- (no CPE) range: < 3.3.14-20.2
References
- www.openwall.com/lists/oss-security/2015/07/17/14 (nvd; Exploit)
- www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10494.patch (nvd; Exploit; Vendor Advisory)
- www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13225.patch (nvd; Exploit; Vendor Advisory)
- www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13856.patch (nvd; Exploit; Vendor Advisory)
- www.squid-cache.org/Advisories/SQUID-2015_2.txt (nvd; Vendor Advisory)
- lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html (nvd)
- lists.opensuse.org/opensuse-updates/2016-08/msg00069.html (nvd)
- www.debian.org/security/2015/dsa-3327 (nvd)
- www.openwall.com/lists/oss-security/2015/07/06/8 (nvd)
- www.openwall.com/lists/oss-security/2015/07/09/12 (nvd)
- www.openwall.com/lists/oss-security/2015/07/10/2 (nvd)
- www.securityfocus.com/bid/75553 (nvd)
- www.securitytracker.com/id/1032873 (nvd)