Description
Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.
Release | Status | Note |
---|---|---|
devel | released | 3.5.12-1ubuntu6 |
esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [3.3.8-1ubuntu6.6]] |
precise | not-affected | 3.1.19-1ubuntu3.12.04.4 |
trusty | released | 3.3.8-1ubuntu6.6 |
trusty/esm | DNE | trusty was released [3.3.8-1ubuntu6.6] |
upstream | released | 3.5.4,3.4.13,3.3.14,3.2.14 |
utopic | ignored | end of life |
vivid | ignored | end of life |
vivid/stable-phone-overlay | DNE | |
vivid/ubuntu-core | DNE | |
EPSS
2.6 Low
CVSS2
Related vulnerabilities
ELSA-2015-2378: squid security and bug fix update (MODERATE)