Описание
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.
An input validation flaw was found in Squid's mime_get_header_field() function, which is used to search for headers within HTTP requests. An attacker could send an HTTP request from the client side with specially crafted header Host header that bypasses same-origin security protections, causing Squid operating as interception or reverse-proxy to contact the wrong origin server. It could also be used for cache poisoning for client not following RFC 7230.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | squid | Will not fix | ||
| Red Hat Enterprise Linux 6 | squid | Fixed | RHSA-2016:1138 | 31.05.2016 |
| Red Hat Enterprise Linux 6 | squid34 | Fixed | RHSA-2016:1140 | 31.05.2016 |
| Red Hat Enterprise Linux 7 | squid | Fixed | RHSA-2016:1139 | 31.05.2016 |
Показывать по
Дополнительная информация
Статус:
EPSS
4 Medium
CVSS2
Связанные уязвимости
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypas ...
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.
EPSS
4 Medium
CVSS2