CVE-2015-5400
EPSS 24.7%squid3 - security update
發布日:2015/9/28修改日:2026/4/28
描述
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
受影響套件(3)
- Debian/squidfrom 0, < 4.1-1
- Debian/squid3from 0, < 3.1.6-1.2+squeeze5
- Debian/squid3from 0, < 3.1.20-2.2+deb7u3