CVE-2016-4553

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-4553
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4553.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-4553
Related
Published
2016-05-10T19:59:00Z
Modified
2025-01-08T03:23:36.621258Z
Severity
  • 8.6 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.

References

Affected packages

Git / github.com/squid-cache/squid

Affected ranges

Type
GIT
Repo
https://github.com/squid-cache/squid
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0a4efb98f1e84bb7392c7ecc9c7deb0381458b0f
Last affected
1243ec712bf76c549ba7f48fcdc30d98ce550449
Last affected
15fb77e4092a910ea4abe83594a1ac9f79cae333
Last affected
2552ca552397fb9d23f06d4f1211c505205aee95
Last affected
404063c59bb4ffa6c5a005611c4375f82ddd423f
Last affected
6c4d7196d05c95c406bafce712c8768cc8dc3beb
Last affected
78121f9a195344616290ecdd4f7f9dd521daaf1a
Last affected
7f53f09fb9dc2d6ac4f49ceae514ad6488e2600e
Last affected
97f9388a0edced1b168f57afaa6fe54b135dccc9
Last affected
ff87fda5fe2e205785b15ebdb243ad812effc981

Affected versions

Other

HISTORIC_RELEASES
SQUID_3_0_PRE1
SQUID_3_0_PRE2
SQUID_3_0_PRE3
SQUID_3_0_PRE4
SQUID_3_0_PRE5
SQUID_3_0_PRE6
SQUID_3_0_PRE7
SQUID_3_0_RC1
SQUID_3_5_0_1
SQUID_3_5_0_2
SQUID_3_5_0_3
SQUID_3_5_0_4
SQUID_3_5_1
SQUID_3_5_10
SQUID_3_5_11
SQUID_3_5_12
SQUID_3_5_13
SQUID_3_5_14
SQUID_3_5_15
SQUID_3_5_16
SQUID_3_5_17
SQUID_3_5_2
SQUID_3_5_3
SQUID_3_5_4
SQUID_3_5_5
SQUID_3_5_6
SQUID_3_5_7
SQUID_3_5_8
SQUID_3_5_9
SQUID_4_0_1