Boletines de Vulnerabilidades

DSA-3327 squid3 - security update

Información sobre el sistema
   
Software afectado Debian

Descripción
Alex Rousskov of The Measurement Factory discovered that Squid3, a fullyfeatured web proxy cache, does not correctly handle CONNECT method peerresponses when configured with cache_peer and operating on explicitproxy traffic. This could allow remote clients to gain unrestrictedaccess through a gateway proxy to its backend proxy.

More info:

https://www.debian.org/security/2015/dsa-3327

Identificadores estándar
Propiedad Valor
CVE CVE-2015-5400 and DSA-3327.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2015-08-05

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT