Description

Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.

Remediation

References

CVE-2015-5400

Related Vulnerabilities

Django Improper Input Validation Vulnerability (CVE-2023-31047)

Grafana Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2022-39328)

WordPress Plugin Sell Downloads Cross-Site Scripting (1.0.86)

WordPress Plugin WP Cerber Security, Anti-spam & Malware Scan Security Bypass (9.0)

WordPress Plugin youForms for WordPress-Creating Forms for CopeCart Cross-Site Scripting (1.0.5)

Severity

Medium

Classification

CVE-2015-5400 CWE-264

Tags

Missing Update Known Vulnerabilities