CVE-2015-5400
EPSS 24.7%squid3 - security update
Published: 9/28/2015Modified: 4/28/2026
Description
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
Affected packages (3)
- Debian/squidfrom 0, < 4.1-1
- Debian/squid3from 0, < 3.1.6-1.2+squeeze5
- Debian/squid3from 0, < 3.1.20-2.2+deb7u3