Описание
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | squid | Will not fix | ||
| Red Hat Enterprise Linux 6 | squid | Will not fix | ||
| Red Hat Enterprise Linux 7 | squid | Will not fix |
Показывать по
Дополнительная информация
Статус:
2.3 Low
CVSS2
Связанные уязвимости
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
Squid before 3.5.6 does not properly handle CONNECT method peer respon ...
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
Уязвимость прокси-сервера Squid, позволяющая нарушителю обойти существующие ограничения и получить доступ к серверу
2.3 Low
CVSS2