VYPR
Get started
← All advisories
High severity8.6NVD Advisory· Published May 10, 2016· Updated May 6, 2026

CVE-2016-4553

CVE-2016-4553

Description

client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.

Affected products

15
  • Squid Cache/Squid10 versions
    cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*range: <=3.5.17
    • cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:squid-cache:squid:4.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:squid-cache:squid:4.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:squid-cache:squid:4.0.9:*:*:*:*:*:*:*
  • Canonical (company)/Ubuntu Linux4 versions
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*+ 3 more
    • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • Oracle Corporation/Linux
    cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

13

News mentions

0

No linked articles in our index yet.