Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2015-09-28T20:00:00
Updated: 2024-08-06T06:50:02.095Z
Reserved: 2015-07-06T00:00:00
Link: CVE-2015-5400
Vulnrichment
No data.
NVD
Status : Modified
Published: 2015-09-28T20:59:03.280
Modified: 2017-09-22T01:29:23.813
Link: CVE-2015-5400
Redhat