CVE-2015-3455

EPSS 6.5%

發布日:2015/5/18修改日:2026/4/28

也稱為:DEBIAN-CVE-2015-3455

描述

Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.

受影響套件(1)

Debian/squidfrom 0, < 4.1-1

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-3455