Description

Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."

Remediation

References

CVE-2014-9749

Related Vulnerabilities

WordPress Plugin File Manager Multiple Vulnerabilities (4.8)

Moodle Incorrect Authorization Vulnerability (CVE-2024-48897)

PHP Uncontrolled Resource Consumption Vulnerability (CVE-2011-3336)

ownCloud Cryptographic Issues Vulnerability (CVE-2013-1941)

Jenkins Origin Validation Error Vulnerability (CVE-2024-23898)

Severity

Medium

Classification

CVE-2014-9749 CWE-264

Tags

Missing Update Known Vulnerabilities