Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2016-2390

Опубликовано: 19 апр. 2016
Источник: ubuntu
Приоритет: medium
EPSS Средний
CVSS2: 4.3
CVSS3: 5.9

Описание

The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.

РелизСтатусПримечание
devel

not-affected

not built with --with-openssl
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was not-affected [not built with --with-openssl]]
precise

not-affected

not built with --with-openssl
trusty

not-affected

not built with --with-openssl
trusty/esm

DNE

trusty was not-affected [not built with --with-openssl]
upstream

released

4.0.6
vivid

not-affected

not built with --with-openssl
vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

not-affected

not built with --with-openssl

Показывать по

Ссылки на источники

EPSS

Процентиль: 96%
0.21283
Средний

4.3 Medium

CVSS2

5.9 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2016-2390

redhat
почти 10 лет назад

The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.

nvd логотип

CVE-2016-2390

CVSS3: 5.9
nvd
почти 10 лет назад

The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.

debian логотип

CVE-2016-2390

CVSS3: 5.9
debian
почти 10 лет назад

The FwdState::connectedToPeer method in FwdState.cc in Squid before 3. ...

github логотип

GHSA-qg6v-rjmq-c5vh

CVSS3: 5.9
github
больше 3 лет назад

The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.

fstec логотип

BDU:2016-01050

fstec
почти 10 лет назад

Уязвимость прокси-сервера Squid, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 96%
0.21283
Средний

4.3 Medium

CVSS2

5.9 Medium

CVSS3