Skip to main content
CVE-2016-4553 HIGH Act Now

client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 82.8% and no vendor patch available.

Information Disclosure Ubuntu Linux Squid Linux
NVD
CVSS 3.0
8.6
EPSS
82.8%
Threat
4.2
CVE-2016-4555 HIGH POC PATCH THREAT Act Now

client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 62.8%.

Denial Of Service Squid Ubuntu Linux Linux
NVD
CVSS 3.0
7.5
EPSS
62.8%
Threat
4.9
CVE-2016-4554 HIGH PATCH Act Now

mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 68.9%.

Authentication Bypass Linux Squid Ubuntu Linux
NVD
CVSS 3.0
8.6
EPSS
68.9%
CVE-2016-4556 HIGH PATCH Act Now

Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 56.9%.

Denial Of Service Squid Linux Ubuntu Linux
NVD
CVSS 3.0
7.5
EPSS
56.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy