CVE-2016-4554

8.6HIGH

Key Information:

Vendor: Oracle
Status: Linux
Vendor: CVE Published:; 10 May 2016

Summary

mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.

References

https://security.gentoo.org/glsa/201607-01

vendor-advisoryx_refsource_GENTOO

http://www.oracle.com/technetwork/topics/security/linuxbu...

x_refsource_CONFIRM

http://www.squid-cache.org/Versions/v3/3.3/changesets/SQU...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 10, 2016
Vulnerability Reserved
May 6, 2016