CVE-2015-3455

squid: incorrect X509 server certificate validation (SQUID-2015:1)

  • Severity Score: 2.6 (CVSS v2)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.

It was found that Squid configured with client-first SSL-bump did not correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spoof a Squid server using a specially crafted X.509 certificate.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: High
  • Authentication: None
  • Confidentiality: None
  • Integrity: Partial
  • Availability: None

  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2015-04-29 CVE Reserved
  • 2015-05-06 CVE Published
  • 2024-01-23 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
  • CWE-297: Improper Validation of Certificate with Host Mismatch
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Oracle | Linux | 7 | - | Affected
Oracle | Solaris | 11.2 | - | Affected
Squid-cache | Squid | 3.2.0.1 | - | Affected
Squid-cache | Squid | 3.2.0.2 | - | Affected
Squid-cache | Squid | 3.2.0.3 | - | Affected
Squid-cache | Squid | 3.2.0.4 | - | Affected
Squid-cache | Squid | 3.2.0.5 | - | Affected
Squid-cache | Squid | 3.2.0.6 | - | Affected
Squid-cache | Squid | 3.2.0.7 | - | Affected
Squid-cache | Squid | 3.2.0.8 | - | Affected
Squid-cache | Squid | 3.2.0.9 | - | Affected
Squid-cache | Squid | 3.2.0.10 | - | Affected
Squid-cache | Squid | 3.2.0.11 | - | Affected
Squid-cache | Squid | 3.2.0.12 | - | Affected
Squid-cache | Squid | 3.2.0.13 | - | Affected
Squid-cache | Squid | 3.2.0.14 | - | Affected
Squid-cache | Squid | 3.2.0.15 | - | Affected
Squid-cache | Squid | 3.2.0.16 | - | Affected
Squid-cache | Squid | 3.2.0.17 | - | Affected
Squid-cache | Squid | 3.2.0.18 | - | Affected
Squid-cache | Squid | 3.2.0.19 | - | Affected
Squid-cache | Squid | 3.2.1 | - | Affected
Squid-cache | Squid | 3.2.2 | - | Affected
Squid-cache | Squid | 3.2.3 | - | Affected
Squid-cache | Squid | 3.2.4 | - | Affected
Squid-cache | Squid | 3.2.5 | - | Affected
Squid-cache | Squid | 3.2.6 | - | Affected
Squid-cache | Squid | 3.2.7 | - | Affected
Squid-cache | Squid | 3.2.8 | - | Affected
Squid-cache | Squid | 3.2.9 | - | Affected
Squid-cache | Squid | 3.2.10 | - | Affected
Squid-cache | Squid | 3.2.11 | - | Affected
Squid-cache | Squid | 3.2.12 | - | Affected
Squid-cache | Squid | 3.2.13 | - | Affected
Squid-cache | Squid | 3.3.0 | - | Affected
Squid-cache | Squid | 3.3.0.1 | - | Affected
Squid-cache | Squid | 3.3.0.2 | - | Affected
Squid-cache | Squid | 3.3.0.3 | - | Affected
Squid-cache | Squid | 3.3.1 | - | Affected
Squid-cache | Squid | 3.3.2 | - | Affected
Squid-cache | Squid | 3.3.3 | - | Affected
Squid-cache | Squid | 3.3.4 | - | Affected
Squid-cache | Squid | 3.3.5 | - | Affected
Squid-cache | Squid | 3.3.6 | - | Affected
Squid-cache | Squid | 3.3.7 | - | Affected
Squid-cache | Squid | 3.3.8 | - | Affected
Squid-cache | Squid | 3.3.9 | - | Affected
Squid-cache | Squid | 3.3.10 | - | Affected
Squid-cache | Squid | 3.3.11 | - | Affected
Squid-cache | Squid | 3.3.12 | - | Affected
Squid-cache | Squid | 3.3.13 | - | Affected
Squid-cache | Squid | 3.4.0.1 | - | Affected
Squid-cache | Squid | 3.4.0.2 | - | Affected
Squid-cache | Squid | 3.4.0.3 | - | Affected
Squid-cache | Squid | 3.4.1 | - | Affected
Squid-cache | Squid | 3.4.2 | - | Affected
Squid-cache | Squid | 3.4.3 | - | Affected
Squid-cache | Squid | 3.4.4 | - | Affected
Squid-cache | Squid | 3.4.5 | - | Affected
Squid-cache | Squid | 3.4.6 | - | Affected
Squid-cache | Squid | 3.4.7 | - | Affected
Squid-cache | Squid | 3.4.8 | - | Affected
Squid-cache | Squid | 3.4.9 | - | Affected
Squid-cache | Squid | 3.4.10 | - | Affected
Squid-cache | Squid | 3.4.11 | - | Affected
Squid-cache | Squid | 3.4.12 | - | Affected
Squid-cache | Squid | 3.5.0.1 | - | Affected
Squid-cache | Squid | 3.5.0.2 | - | Affected
Squid-cache | Squid | 3.5.0.3 | - | Affected
Squid-cache | Squid | 3.5.0.4 | - | Affected
Squid-cache | Squid | 3.5.1 | - | Affected
Squid-cache | Squid | 3.5.2 | - | Affected
Fedoraproject | Fedora | 22 | - | Affected