Vulnerabilities

CVE-2016-2390

by Fred · 19/04/2016

The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the –with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.

Date published : 2016-04-19

http://bugs.squid-cache.org/show_bug.cgi?id=4437

http://www.squid-cache.org/Advisories/SQUID-2016_1.txt

Similar

Tags: Cybersecurity Alert