Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2016-2390

The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.

  • Published: Apr 19, 2016
  • Updated: Apr 13, 2023
  • CVE: CVE-2016-2390
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.9
  • AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:N/A:P

CWEs:

Software From Fixed in
squid-cache / squid - 3.5.13.x
squid-cache / squid 4.0.5 4.0.5.x
squid-cache / squid 4.0.4 4.0.4.x