Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Squid Improper Input Validation Vulnerability - CVE-2015-3455 - Vulnerability Database
Squid

Squid Improper Input Validation Vulnerability - CVE-2015-3455

Low
Reference: CVE-2015-3455
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2015-3455
Title: Squid Improper Input Validation Vulnerability
Overview:

Squid 3.2.x before 3.2.14 3.3.x before 3.3.14 3.4.x before 3.4.13 and 3.5.x before 3.5.4 when configured with client-first SSL-bump do not properly validate the domain or hostname fields of X.509 certificates which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.