First published: Mon Sep 28 2015(Updated: )
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Fedoraproject Fedora | =22 | |
Debian Debian Linux | =7.0 | |
Debian Debian Linux | =8.0 | |
Squid-Cache Squid | <=3.5.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.