Description

Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."

Remediation

References

CVE-2014-9749

Related Vulnerabilities

Oracle JRE CVE-2012-5086 Vulnerability (CVE-2012-5086)

WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.31)

WordPress Plugin Soundy Audio Playlist Cross-Site Scripting (4.6)

WordPress 4.5.x Possible SQL Injection Vulnerability (4.5 - 4.5.10)

Joomla! Core 1.0.5 Security Bypass (1.0.5)

Severity

Medium

Classification

CVE-2014-9749 CWE-264

Tags

Missing Update Known Vulnerabilities