rpm package
suse/squid&distro=SUSE Linux Enterprise Server 11 SP4
pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-4554 | High | 8.6 | | < 2.7.STABLE5-2.12.29.1 | 2.7.STABLE5-2.12.29.1 | May 10, 2016 | mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue. |
| CVE-2016-4051 | High | 8.8 | | < 2.7.STABLE5-2.12.29.1 | 2.7.STABLE5-2.12.29.1 | Apr 25, 2016 | Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data. |
| CVE-2014-9749 | — | — | | < 2.7.STABLE5-2.12.24.2 | 2.7.STABLE5-2.12.24.2 | Nov 6, 2015 | Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability." |
| CVE-2014-6270 | — | — | | < 2.7.STABLE5-2.12.24.2 | 2.7.STABLE5-2.12.24.2 | Sep 12, 2014 | Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer |