Описание
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
Ссылки
- Exploit
- Vendor Advisory
- ExploitVendor Advisory
- ExploitVendor Advisory
- ExploitVendor Advisory
Уязвимые конфигурации
Одно из
EPSS
6.8 Medium
CVSS2
Дефекты
Связанные уязвимости
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
Squid before 3.5.6 does not properly handle CONNECT method peer respon ...
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
Уязвимость прокси-сервера Squid, позволяющая нарушителю обойти существующие ограничения и получить доступ к серверу
EPSS
6.8 Medium
CVSS2