CVE-2015-5400
squid3 - security update
EPSS 24.7%
Description
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
How to fix CVE-2015-5400
To remediate CVE-2015-5400, upgrade the affected package to a fixed version below.
- Debian/squid: upgrade to 4.1-1 or later
- Debian/squid3: upgrade to 3.1.6-1.2+squeeze5 or later
- Debian/squid3: upgrade to 3.1.20-2.2+deb7u3 or later
Is CVE-2015-5400 being exploited?
Moderate: EPSS is 24.7%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (3)
- Debian/squid: from 0, < 4.1-1
- Debian/squid3: from 0, < 3.1.6-1.2+squeeze5
- Debian/squid3: from 0, < 3.1.20-2.2+deb7u3