oss-sec mailing list archives
Re: CVE policy clarification request - Squid 3.5.4 etc.
From: cve-assign () mitre org
Date: Thu, 30 Apr 2015 09:49:22 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
"Squid HTTP Proxy configured with client-first SSL bumping does not correctly validate server certificate hostname fields. As a result malicious server responses can wrongly be presented through the proxy to clients as secure authenticated HTTPS responses." Upstream advisory (when published) will be at: http://www.squid-cache.org/Advisories/SQUID-2015_1.txt
Use CVE-2015-3455. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVQjHFAAoJEKllVAevmvmsWqUIAImY4rWDt7dAZW8RwiyEqdrZ EI+wL/jXYH5H4cpiPIGOAuKDWhpFEmK65LnfPpjKFSrhxVLafbupygPhFVJUeSxU Yae3q1yAsEWZrAS7ZYmxLHL1+VgK7g7DTgksIGHj6daAlzHEwf5WDKpzTEuoLxg6 HqAzFoJVN1OiEjFEvy+cOMvMuzpBwFa2CBtROAVOANVawDvlYcd2kG6B2AHzGdxS K95C8wmHh2IePyws6K6F4c7Tn/LHSoj7p15TqPxE8rdzHF/QzcK0vHe2ORYKRX4z j67MaOq28qqwTMsCjGaCcASGDfTpFUqF2R5O0VqUmfHaL0EZj67JVLlM51YiRdc= =fAn0 -----END PGP SIGNATURE-----
Current thread:
- CVE policy clarification request Amos Jeffries (Apr 29)
- Re: CVE policy clarification request cve-assign (Apr 29)
- Re: Re: CVE policy clarification request Amos Jeffries (Apr 30)
- Re: CVE policy clarification request - Squid 3.5.4 etc. cve-assign (Apr 30)
- Re: Re: CVE policy clarification request Amos Jeffries (Apr 30)
- Re: CVE policy clarification request cve-assign (Apr 29)