[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Re: CVE policy clarification request - Squid 3.5.4 etc.
From: cve-assign () mitre ! org
Date: 2015-04-30 13:49:22
Message-ID: 20150430134922.1BCBA3AE06E () smtpvbsrv1 ! mitre ! org
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> "Squid HTTP Proxy configured with client-first SSL bumping does not
> correctly validate server certificate hostname fields. As a result
> malicious server responses can wrongly be presented through the proxy
> to clients as secure authenticated HTTPS responses."
>
> Upstream advisory (when published) will be at:
> http://www.squid-cache.org/Advisories/SQUID-2015_1.txt
Use CVE-2015-3455.
- --
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)
iQEcBAEBAgAGBQJVQjHFAAoJEKllVAevmvmsWqUIAImY4rWDt7dAZW8RwiyEqdrZ
EI+wL/jXYH5H4cpiPIGOAuKDWhpFEmK65LnfPpjKFSrhxVLafbupygPhFVJUeSxU
Yae3q1yAsEWZrAS7ZYmxLHL1+VgK7g7DTgksIGHj6daAlzHEwf5WDKpzTEuoLxg6
HqAzFoJVN1OiEjFEvy+cOMvMuzpBwFa2CBtROAVOANVawDvlYcd2kG6B2AHzGdxS
K95C8wmHh2IePyws6K6F4c7Tn/LHSoj7p15TqPxE8rdzHF/QzcK0vHe2ORYKRX4z
j67MaOq28qqwTMsCjGaCcASGDfTpFUqF2R5O0VqUmfHaL0EZj67JVLlM51YiRdc=
=fAn0
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic