CVE-2016-4554

mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct…

mitre·CWE-345·Published 2016-05-10

CVSS

—

EPSS

0.39

KEV

Exploits

cve.orgen

214 chars

mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.

NVDen

214 chars

NVDes

306 chars

mime_header.cc en Squid en versiones anteriores a 3.5.18 permite a atacantes remotos eludir restricciones destinadas al mismo origen y posiblemente llevar a cabo ataques de envenenamiento de caché a través de una cabecera HTTP Host manipulada, también conocido como un problema "contrabando de peticiones".

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N
3.0	Primary	NVD	8.6	3.9	4.0	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N