client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Information
Published : 2016-05-10 12:59
Updated : 2019-12-27 08:08
NVD link : CVE-2016-4553
Mitre link : CVE-2016-4553
JSON object : View
CWE
CWE-345
Insufficient Verification of Data Authenticity
Products Affected
canonical
- ubuntu_linux
oracle
- linux
squid-cache
- squid