rpm package

suse/squid3&distro=SUSE Linux Enterprise Server for SAP Applications 11 SP4

pkg:rpm/suse/squid3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4

Vulnerabilities (30)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2018-19131		—	< 3.1.23-8.16.37.9.1	3.1.23-8.16.37.9.1	Nov 9, 2018	Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.
CVE-2018-1172		—	< 3.1.23-8.16.37.6.1	3.1.23-8.16.37.6.1	May 16, 2018	This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck().
CVE-2018-1000027		—	< 3.1.23-8.16.37.3.1	3.1.23-8.16.37.3.1	Feb 9, 2018	The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be e
CVE-2018-1000024		—	< 3.1.23-8.16.37.3.1	3.1.23-8.16.37.3.1	Feb 9, 2018	The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable v
CVE-2016-10002	Hig	7.5	< 3.1.23-8.16.36.1	3.1.23-8.16.36.1	Jan 27, 2017	Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by
CVE-2016-4556	Hig	7.5	< 3.1.23-8.16.30.1	3.1.23-8.16.30.1	May 10, 2016	Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.
CVE-2016-4555	Hig	7.5	< 3.1.23-8.16.30.1	3.1.23-8.16.30.1	May 10, 2016	client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.
CVE-2016-4554	Hig	8.6	< 3.1.23-8.16.30.1	3.1.23-8.16.30.1	May 10, 2016	mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.
CVE-2016-4553	Hig	8.6	< 3.1.23-8.16.30.1	3.1.23-8.16.30.1	May 10, 2016	client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.
CVE-2016-4054	Hig	8.1	< 3.1.23-8.16.30.1	3.1.23-8.16.30.1	Apr 25, 2016	Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.
CVE-2016-4053	Low	3.7	< 3.1.23-8.16.30.1	3.1.23-8.16.30.1	Apr 25, 2016	Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.
CVE-2016-4052	Hig	8.1	< 3.1.23-8.16.30.1	3.1.23-8.16.30.1	Apr 25, 2016	Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.
CVE-2016-4051	Hig	8.8	< 3.1.23-8.16.30.1	3.1.23-8.16.30.1	Apr 25, 2016	Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.
CVE-2016-2390	Med	5.9	< 3.1.23-8.16.30.1	3.1.23-8.16.30.1	Apr 19, 2016	The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintex
CVE-2016-3948	Hig	7.5	< 3.1.23-8.16.30.1	3.1.23-8.16.30.1	Apr 7, 2016	Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.
CVE-2016-3947	Hig	8.2	< 3.1.23-8.16.30.1	3.1.23-8.16.30.1	Apr 7, 2016	Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log file
CVE-2016-2572	Hig	7.5	< 3.1.23-8.16.30.1	3.1.23-8.16.30.1	Feb 27, 2016	http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
CVE-2016-2571	Hig	7.5	< 3.1.23-8.16.30.1	3.1.23-8.16.30.1	Feb 27, 2016	http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
CVE-2016-2570	Hig	7.5	< 3.1.23-8.16.30.1	3.1.23-8.16.30.1	Feb 27, 2016	The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/Custom
CVE-2016-2569	Hig	7.5	< 3.1.23-8.16.30.1	3.1.23-8.16.30.1	Feb 27, 2016	Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.

CVE-2018-19131Nov 9, 2018
affected < 3.1.23-8.16.37.9.1fixed 3.1.23-8.16.37.9.1
Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.
CVE-2018-1172May 16, 2018
affected < 3.1.23-8.16.37.6.1fixed 3.1.23-8.16.37.6.1
This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck().
CVE-2018-1000027Feb 9, 2018
affected < 3.1.23-8.16.37.3.1fixed 3.1.23-8.16.37.3.1
The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be e
CVE-2018-1000024Feb 9, 2018
affected < 3.1.23-8.16.37.3.1fixed 3.1.23-8.16.37.3.1
The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable v
CVE-2016-10002HigJan 27, 2017
affected < 3.1.23-8.16.36.1fixed 3.1.23-8.16.36.1
Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by
CVE-2016-4556HigMay 10, 2016
affected < 3.1.23-8.16.30.1fixed 3.1.23-8.16.30.1
Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.
CVE-2016-4555HigMay 10, 2016
affected < 3.1.23-8.16.30.1fixed 3.1.23-8.16.30.1
client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.
CVE-2016-4554HigMay 10, 2016
affected < 3.1.23-8.16.30.1fixed 3.1.23-8.16.30.1
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.
CVE-2016-4553HigMay 10, 2016
affected < 3.1.23-8.16.30.1fixed 3.1.23-8.16.30.1
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.
CVE-2016-4054HigApr 25, 2016
affected < 3.1.23-8.16.30.1fixed 3.1.23-8.16.30.1
Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.
CVE-2016-4053LowApr 25, 2016
affected < 3.1.23-8.16.30.1fixed 3.1.23-8.16.30.1
Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.
CVE-2016-4052HigApr 25, 2016
affected < 3.1.23-8.16.30.1fixed 3.1.23-8.16.30.1
Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.
CVE-2016-4051HigApr 25, 2016
affected < 3.1.23-8.16.30.1fixed 3.1.23-8.16.30.1
Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.
CVE-2016-2390MedApr 19, 2016
affected < 3.1.23-8.16.30.1fixed 3.1.23-8.16.30.1
The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintex
CVE-2016-3948HigApr 7, 2016
affected < 3.1.23-8.16.30.1fixed 3.1.23-8.16.30.1
Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.
CVE-2016-3947HigApr 7, 2016
affected < 3.1.23-8.16.30.1fixed 3.1.23-8.16.30.1
Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log file
CVE-2016-2572HigFeb 27, 2016
affected < 3.1.23-8.16.30.1fixed 3.1.23-8.16.30.1
http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
CVE-2016-2571HigFeb 27, 2016
affected < 3.1.23-8.16.30.1fixed 3.1.23-8.16.30.1
http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
CVE-2016-2570HigFeb 27, 2016
affected < 3.1.23-8.16.30.1fixed 3.1.23-8.16.30.1
The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/Custom
CVE-2016-2569HigFeb 27, 2016
affected < 3.1.23-8.16.30.1fixed 3.1.23-8.16.30.1
Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.

Page 1 of 2