FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

squid -- multiple vulnerabilities

Affected packages
3.0.0 <= squid < 3.5.18
4.0.0 <= squid-devel < 4.0.10


VuXML ID 25e5205b-1447-11e6-9ead-6805ca0b3d42
Discovery 2016-05-06
Entry 2016-05-07
Modified 2016-05-09

The squid development team reports:

Problem Description:
Due to incorrect data validation of intercepted HTTP Request messages Squid is vulnerable to clients bypassing the protection against CVE-2009-0801 related issues. This leads to cache poisoning.
This problem is serious because it allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source.

Problem Description:
Due to incorrect input validation Squid is vulnerable to a header smuggling attack leading to cache poisoning and to bypass of same-origin security policy in Squid and some client browsers.
This problem allows a client to smuggle a Host header value past same-origin security protections to cause Squid operating as interception or reverse-proxy to contact the wrong origin server, also poisoning any downstream cache which stores the response.
However, the cache poisoning is only possible if the caching agent (browser or explicit/forward proxy) is not following RFC 7230 processing guidelines and lets the smuggled value through.

Problem Description:
Due to incorrect pointer handling and reference counting Squid is vulnerable to a denial of service attack when processing ESI responses.
These problems allow a remote server delivering certain ESI response syntax to trigger a denial of service for all clients accessing the Squid service.
Due to unrelated changes Squid-3.5 has become vulnerable to some regular ESI server responses also triggering one or more of these issues.


CVE Name CVE-2016-4553
CVE Name CVE-2016-4554
CVE Name CVE-2016-4555
CVE Name CVE-2016-4556
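
The second problem description notes that a caching agent which follows the RFC 7230 processing guidelines does not let a smuggled Host value through. The Python sketch below is an example added to this entry, not code from Squid or FreeBSD, and it does not reproduce the Squid flaw, whose trigger the advisory does not describe. It applies the Host-related rules of RFC 7230 sections 3.2.4 and 5.4 to a raw request head; the function name `check_host` and the sample requests are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# uri-host [ ":" port ] per RFC 7230 section 5.4: reg-name/IPv4 or a bracketed IP literal
HOST_RE = re.compile(r"^(?:[A-Za-z0-9._~!$&'()*+,;=%-]*|\[[0-9A-Fa-f:.]+\])(?::\d*)?$")

def check_host(raw: bytes):
    """Return (verdict, effective_host) for the head of one raw HTTP/1.1 request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *fields = head.split("\r\n")
    parts = request_line.split(" ")
    if len(parts) != 3:
        return ("reject: malformed request line", None)
    target, hosts = parts[1], []
    for line in fields:
        if line[:1] in (" ", "\t"):
            # obs-fold in a request: reject (or unfold) per section 3.2.4
            return ("reject: obsolete line folding", None)
        name, sep, value = line.partition(":")
        if not sep or not name or name != name.rstrip():
            # no whitespace is allowed between field-name and colon (section 3.2.4)
            return ("reject: malformed header field", None)
        if name.lower() == "host":
            hosts.append(value.strip(" \t"))
    if len(hosts) != 1:
        # a missing or repeated Host field must get a 400 (section 5.4)
        return ("reject: expected exactly one Host field, got %d" % len(hosts), None)
    if not HOST_RE.match(hosts[0]):
        return ("reject: invalid Host field-value", None)
    if target.lower().startswith(("http://", "https://")):
        # absolute-form: a proxy ignores the received Host and uses the target's authority
        authority = urlsplit(target).netloc.rpartition("@")[2]
        if authority.lower() != hosts[0].lower():
            return ("ok: Host replaced from request-target", authority)
    return ("ok", hosts[0])

# Constructed sample requests, not captured traffic.
SAMPLES = {
    "plain": b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "duplicate": b"GET / HTTP/1.1\r\nHost: a.example\r\nHost: b.example\r\n\r\n",
    "absolute": b"GET http://a.example/x HTTP/1.1\r\nHost: b.example\r\n\r\n",
    "spaced-name": b"GET / HTTP/1.1\r\nHost : a.example\r\n\r\n",
    "two-values": b"GET / HTTP/1.1\r\nHost: a.example b.example\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_host(raw))
```

The effective host returned here is what a cache key or upstream connection should be derived from; any request that yields a `reject` verdict should be answered with 400 rather than forwarded.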