7.5

CVE-2016-4555

Exploit
client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Squid-cacheSquid Version3.0
Squid-cacheSquid Version3.1
Squid-cacheSquid Version3.1.0.1
Squid-cacheSquid Version3.1.0.2
Squid-cacheSquid Version3.1.0.3
Squid-cacheSquid Version3.1.0.4
Squid-cacheSquid Version3.1.0.5
Squid-cacheSquid Version3.1.0.6
Squid-cacheSquid Version3.1.0.7
Squid-cacheSquid Version3.1.0.8
Squid-cacheSquid Version3.1.0.9
Squid-cacheSquid Version3.1.0.10
Squid-cacheSquid Version3.1.0.11
Squid-cacheSquid Version3.1.0.12
Squid-cacheSquid Version3.1.0.13
Squid-cacheSquid Version3.1.0.14
Squid-cacheSquid Version3.1.0.15
Squid-cacheSquid Version3.1.0.16
Squid-cacheSquid Version3.1.0.17
Squid-cacheSquid Version3.1.0.18
Squid-cacheSquid Version3.1.1
Squid-cacheSquid Version3.1.2
Squid-cacheSquid Version3.1.3
Squid-cacheSquid Version3.1.4
Squid-cacheSquid Version3.1.5
Squid-cacheSquid Version3.1.5.1
Squid-cacheSquid Version3.1.6
Squid-cacheSquid Version3.1.7
Squid-cacheSquid Version3.1.8
Squid-cacheSquid Version3.1.9
Squid-cacheSquid Version3.1.10
Squid-cacheSquid Version3.1.11
Squid-cacheSquid Version3.1.12
Squid-cacheSquid Version3.1.12.1
Squid-cacheSquid Version3.1.12.2
Squid-cacheSquid Version3.1.12.3
Squid-cacheSquid Version3.1.13
Squid-cacheSquid Version3.1.14
Squid-cacheSquid Version3.1.15
Squid-cacheSquid Version3.1.16
Squid-cacheSquid Version3.1.17
Squid-cacheSquid Version3.1.18
Squid-cacheSquid Version3.1.19
Squid-cacheSquid Version3.1.20
Squid-cacheSquid Version3.1.21
Squid-cacheSquid Version3.1.22
Squid-cacheSquid Version3.2.0.1
Squid-cacheSquid Version3.2.0.2
Squid-cacheSquid Version3.2.0.3
Squid-cacheSquid Version3.2.0.4
Squid-cacheSquid Version3.2.0.5
Squid-cacheSquid Version3.2.0.6
Squid-cacheSquid Version3.2.0.7
Squid-cacheSquid Version3.2.0.8
Squid-cacheSquid Version3.2.0.9
Squid-cacheSquid Version3.2.0.10
Squid-cacheSquid Version3.2.0.11
Squid-cacheSquid Version3.2.0.12
Squid-cacheSquid Version3.2.0.13
Squid-cacheSquid Version3.2.0.14
Squid-cacheSquid Version3.2.0.15
Squid-cacheSquid Version3.2.0.16
Squid-cacheSquid Version3.2.0.17
Squid-cacheSquid Version3.2.0.18
Squid-cacheSquid Version3.2.0.19
Squid-cacheSquid Version3.2.1
Squid-cacheSquid Version3.2.2
Squid-cacheSquid Version3.2.3
Squid-cacheSquid Version3.2.4
Squid-cacheSquid Version3.2.5
Squid-cacheSquid Version3.2.6
Squid-cacheSquid Version3.2.7
Squid-cacheSquid Version3.2.8
Squid-cacheSquid Version3.2.9
Squid-cacheSquid Version3.2.10
Squid-cacheSquid Version3.2.11
Squid-cacheSquid Version3.2.12
Squid-cacheSquid Version3.2.13
Squid-cacheSquid Version3.3.0
Squid-cacheSquid Version3.3.0.1
Squid-cacheSquid Version3.3.0.2
Squid-cacheSquid Version3.3.0.3
Squid-cacheSquid Version3.3.1
Squid-cacheSquid Version3.3.2
Squid-cacheSquid Version3.3.3
Squid-cacheSquid Version3.3.4
Squid-cacheSquid Version3.3.5
Squid-cacheSquid Version3.3.6
Squid-cacheSquid Version3.3.7
Squid-cacheSquid Version3.3.8
Squid-cacheSquid Version3.3.9
Squid-cacheSquid Version3.3.10
Squid-cacheSquid Version3.3.11
Squid-cacheSquid Version3.3.12
Squid-cacheSquid Version3.3.13
Squid-cacheSquid Version3.3.14
Squid-cacheSquid Version3.4.0.1
Squid-cacheSquid Version3.4.0.2
Squid-cacheSquid Version3.4.0.3
Squid-cacheSquid Version3.4.1
Squid-cacheSquid Version3.4.2
Squid-cacheSquid Version3.4.3
Squid-cacheSquid Version3.4.4
Squid-cacheSquid Version3.4.4.1
Squid-cacheSquid Version3.4.4.2
Squid-cacheSquid Version3.4.8
Squid-cacheSquid Version3.4.9
Squid-cacheSquid Version3.4.10
Squid-cacheSquid Version3.4.11
Squid-cacheSquid Version3.4.12
Squid-cacheSquid Version3.4.13
Squid-cacheSquid Version3.4.14
Squid-cacheSquid Version3.5.0.1
Squid-cacheSquid Version3.5.0.2
Squid-cacheSquid Version3.5.0.3
Squid-cacheSquid Version3.5.0.4
Squid-cacheSquid Version3.5.1
Squid-cacheSquid Version3.5.2
Squid-cacheSquid Version3.5.3
Squid-cacheSquid Version3.5.4
Squid-cacheSquid Version3.5.5
Squid-cacheSquid Version3.5.6
Squid-cacheSquid Version3.5.7
Squid-cacheSquid Version3.5.8
Squid-cacheSquid Version3.5.9
Squid-cacheSquid Version3.5.10
Squid-cacheSquid Version3.5.11
Squid-cacheSquid Version3.5.12
Squid-cacheSquid Version3.5.13
Squid-cacheSquid Version3.5.14
Squid-cacheSquid Version3.5.15
Squid-cacheSquid Version3.5.16
Squid-cacheSquid Version3.5.17
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version15.10
CanonicalUbuntu Linux Version16.04 SwEditionlts
Squid-cacheSquid Version4.0.1
Squid-cacheSquid Version4.0.2
Squid-cacheSquid Version4.0.3
Squid-cacheSquid Version4.0.4
Squid-cacheSquid Version4.0.5
Squid-cacheSquid Version4.0.6
Squid-cacheSquid Version4.0.7
Squid-cacheSquid Version4.0.8
Squid-cacheSquid Version4.0.9
OracleLinux Version6
OracleLinux Version7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 53.92% 0.989
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Third Party Advisory
https://security.gentoo.org/glsa/201607-01
http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html
http://www.ubuntu.com/usn/USN-2995-1
Third Party Advisory
http://www.debian.org/security/2016/dsa-3625
https://access.redhat.com/errata/RHSA-2016:1139
https://access.redhat.com/errata/RHSA-2016:1140
http://bugs.squid-cache.org/show_bug.cgi?id=4455
Patch
Vendor Advisory
Exploit
Issue Tracking
http://www.openwall.com/lists/oss-security/2016/05/06/3
Patch
Release Notes
http://www.openwall.com/lists/oss-security/2016/05/06/5
Patch
Third Party Advisory
http://www.securitytracker.com/id/1035770
Third Party Advisory
http://www.squid-cache.org/Advisories/SQUID-2016_9.txt
Vendor Advisory
http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch
Patch
http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch
Patch