Description
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.
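The behaviour at issue is the RFC 7230 section 5.4 rule that a proxy receiving an absolute-URI request-target must ignore the Host header and take the host from the target. The Python sketch below is an added example, not Squid code: it derives the host a proxy should key on and flags requests whose Host header disagrees with the absolute-URI. The function names and sample requests are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def _authority(netloc, scheme):
    # Lower-case the host and fill in the default port so that
    # "Example.COM" and "example.com:80" compare equal.
    parts = urlsplit(f"{scheme}://{netloc}")
    return (parts.hostname or "").rstrip("."), parts.port or DEFAULT_PORTS[scheme]

def effective_host(raw: bytes):
    """Return ((host, port), mismatch) for one raw HTTP/1.1 request head.

    (host, port) is what a proxy should use for forwarding and cache keys;
    mismatch is True when an absolute-URI target and the Host header disagree.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    _method, target, _version = request_line.split(" ", 2)
    hosts = [h.split(":", 1)[1].strip() for h in header_lines
             if h.lower().startswith("host:")]
    if len(hosts) > 1:
        raise ValueError("more than one Host header")
    url = urlsplit(target)
    if url.scheme in DEFAULT_PORTS and url.netloc:
        # absolute-form: the target's authority wins; Host is only compared.
        uri_auth = _authority(url.netloc, url.scheme)
        mismatch = bool(hosts) and _authority(hosts[0], url.scheme) != uri_auth
        return uri_auth, mismatch
    if not hosts:
        raise ValueError("origin-form request without Host header")
    # origin-form: the Host header is the only source of the authority.
    return _authority(hosts[0], "http"), False

# Constructed sample requests (not captured traffic).
SAMPLE_CONSISTENT = b"GET http://origin.example:80/a HTTP/1.1\r\nHost: ORIGIN.example\r\n\r\n"
SAMPLE_MISMATCH = b"GET http://origin.example/a HTTP/1.1\r\nHost: other.example\r\n\r\n"
SAMPLE_ORIGIN_FORM = b"GET /a HTTP/1.1\r\nHost: origin.example:8080\r\n\r\n"

if __name__ == "__main__":
    for sample in (SAMPLE_CONSISTENT, SAMPLE_MISMATCH, SAMPLE_ORIGIN_FORM):
        print(effective_host(sample))
```

A mismatch flag on proxy access logs or captured request heads is a useful review signal for deployments that have not yet moved to a fixed Squid release.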
Remediation
References