2.6

CVE-2015-3455

Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OracleLinux Version7
OracleSolaris Version11.2
Squid-cacheSquid Version3.2.0.1
Squid-cacheSquid Version3.2.0.2
Squid-cacheSquid Version3.2.0.3
Squid-cacheSquid Version3.2.0.4
Squid-cacheSquid Version3.2.0.5
Squid-cacheSquid Version3.2.0.6
Squid-cacheSquid Version3.2.0.7
Squid-cacheSquid Version3.2.0.8
Squid-cacheSquid Version3.2.0.9
Squid-cacheSquid Version3.2.0.10
Squid-cacheSquid Version3.2.0.11
Squid-cacheSquid Version3.2.0.12
Squid-cacheSquid Version3.2.0.13
Squid-cacheSquid Version3.2.0.14
Squid-cacheSquid Version3.2.0.15
Squid-cacheSquid Version3.2.0.16
Squid-cacheSquid Version3.2.0.17
Squid-cacheSquid Version3.2.0.18
Squid-cacheSquid Version3.2.0.19
Squid-cacheSquid Version3.2.1
Squid-cacheSquid Version3.2.2
Squid-cacheSquid Version3.2.3
Squid-cacheSquid Version3.2.4
Squid-cacheSquid Version3.2.5
Squid-cacheSquid Version3.2.6
Squid-cacheSquid Version3.2.7
Squid-cacheSquid Version3.2.8
Squid-cacheSquid Version3.2.9
Squid-cacheSquid Version3.2.10
Squid-cacheSquid Version3.2.11
Squid-cacheSquid Version3.2.12
Squid-cacheSquid Version3.2.13
Squid-cacheSquid Version3.3.0
Squid-cacheSquid Version3.3.0.1
Squid-cacheSquid Version3.3.0.2
Squid-cacheSquid Version3.3.0.3
Squid-cacheSquid Version3.3.1
Squid-cacheSquid Version3.3.2
Squid-cacheSquid Version3.3.3
Squid-cacheSquid Version3.3.4
Squid-cacheSquid Version3.3.5
Squid-cacheSquid Version3.3.6
Squid-cacheSquid Version3.3.7
Squid-cacheSquid Version3.3.8
Squid-cacheSquid Version3.3.9
Squid-cacheSquid Version3.3.10
Squid-cacheSquid Version3.3.11
Squid-cacheSquid Version3.3.12
Squid-cacheSquid Version3.3.13
Squid-cacheSquid Version3.4.0.1
Squid-cacheSquid Version3.4.0.2
Squid-cacheSquid Version3.4.0.3
Squid-cacheSquid Version3.4.1
Squid-cacheSquid Version3.4.2
Squid-cacheSquid Version3.4.3
Squid-cacheSquid Version3.4.4
Squid-cacheSquid Version3.4.5
Squid-cacheSquid Version3.4.6
Squid-cacheSquid Version3.4.7
Squid-cacheSquid Version3.4.8
Squid-cacheSquid Version3.4.9
Squid-cacheSquid Version3.4.10
Squid-cacheSquid Version3.4.11
Squid-cacheSquid Version3.4.12
Squid-cacheSquid Version3.5.0.1
Squid-cacheSquid Version3.5.0.2
Squid-cacheSquid Version3.5.0.3
Squid-cacheSquid Version3.5.0.4
Squid-cacheSquid Version3.5.1
Squid-cacheSquid Version3.5.2
FedoraprojectFedora Version22
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 11.4% 0.954
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.6 4.9 2.9
AV:N/AC:H/Au:N/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Third Party Advisory
http://advisories.mageia.org/MGASA-2015-0191.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-09/msg00016.html
http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html
http://rhn.redhat.com/errata/RHSA-2015-2378.html
http://www.mandriva.com/security/advisories?name=MDVSA-2015:230
Broken Link
http://www.securityfocus.com/bid/74438
http://www.securitytracker.com/id/1032221
Third Party Advisory
VDB Entry
http://www.squid-cache.org/Advisories/SQUID-2015_1.txt
Vendor Advisory