CVE-2016-4554
squid: Header Smuggling issue in HTTP Request processing
Severity Score
Exploit Likelihood
Affected Versions
7Public Exploits
0Exploited in Wild
-Decision
Descriptions
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.
mime_header.cc en Squid en versiones anteriores a 3.5.18 permite a atacantes remotos eludir restricciones destinadas al mismo origen y posiblemente llevar a cabo ataques de envenenamiento de caché a través de una cabecera HTTP Host manipulada, también conocido como un problema "contrabando de peticiones".
An input validation flaw was found in Squid's mime_get_header_field() function, which is used to search for headers within HTTP requests. An attacker could send an HTTP request from the client side with specially crafted header Host header that bypasses same-origin security protections, causing Squid operating as interception or reverse-proxy to contact the wrong origin server. It could also be used for cache poisoning for client not following RFC 7230.
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack memory, or possibly execute arbitrary code as the user running Squid.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-05-06 CVE Reserved
- 2016-05-10 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-345: Insufficient Verification of Data Authenticity
CAPEC
References (19)
| URL | Tag | Source |
|---|---|---|
| http://www.oracle.com/technetwork/topics/security/linuxbulletinap... | Third Party Advisory |
|
| http://www.securitytracker.com/id/1035769 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2016-... | 2019-12-27 | |
| http://lists.opensuse.org/opensuse-security-announce/2016-... | 2019-12-27 | |
| http://lists.opensuse.org/opensuse-updates/2016-08/msg0006... | 2019-12-27 | |
| http://www.debian.org/security/2016/dsa-3625 | 2019-12-27 | |
| http://www.squid-cache.org/Advisories/SQUID-2016_8.txt | 2019-12-27 | |
| http://www.ubuntu.com/usn/USN-2995-1 | 2019-12-27 | |
| https://access.redhat.com/errata/RHSA-2016:1138 | 2019-12-27 | |
| https://access.redhat.com/errata/RHSA-2016:1139 | 2019-12-27 | |
| https://access.redhat.com/errata/RHSA-2016:1140 | 2019-12-27 | |
| https://security.gentoo.org/glsa/201607-01 | 2019-12-27 |