First published: Tue Apr 19 2016(Updated: )
The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Squid-Cache Squid | <=3.5.13 | |
Squid-Cache Squid | =4.0.4 | |
Squid-Cache Squid | =4.0.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.