CVE-2016-4553

client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.

Published: May 10, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-4553
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.6
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-345

Affected Software
References

Software	From	Fixed in
canonical / ubuntu_linux	12.04	12.04.x
canonical / ubuntu_linux	16.04	16.04.x
canonical / ubuntu_linux	15.10	15.10.x
canonical / ubuntu_linux	14.04	14.04.x
squid-cache / squid	-	3.5.17.x
squid-cache / squid	4.0.5	4.0.5.x
squid-cache / squid	4.0.3	4.0.3.x
squid-cache / squid	4.0.1	4.0.1.x
squid-cache / squid	4.0.8	4.0.8.x
squid-cache / squid	4.0.2	4.0.2.x
squid-cache / squid	4.0.7	4.0.7.x
squid-cache / squid	4.0.4	4.0.4.x
squid-cache / squid	4.0.6	4.0.6.x
squid-cache / squid	4.0.9	4.0.9.x
oracle / linux	7	7.x

http://bugs.squid-cache.org/show_bug.cgi?id=4501
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html
http://www.debian.org/security/2016/dsa-3625
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.securitytracker.com/id/1035768
http://www.squid-cache.org/Advisories/SQUID-2016_7.txt
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14039.patch
http://www.ubuntu.com/usn/USN-2995-1
https://access.redhat.com/errata/RHSA-2016:1139
https://access.redhat.com/errata/RHSA-2016:1140
https://security.gentoo.org/glsa/201607-01

Vulnerability Database

289,599

CVE-2016-4553