Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Web application abuses
Title:Squid SSL-Bump Certificate Validation Bypass Vulnerability
Summary:This host is running Squid and is prone; to certificate validation bypass vulnerability.
This host is running Squid and is prone
to certificate validation bypass vulnerability.

Vulnerability Insight:
The client-first SSL-bump feature does not
properly validate X.509 server certificate domain and hostname fields. A remote
server can create a specially crafted certificate to bypass client certificate

Vulnerability Impact:
Successful exploitation will allow remote
attackers to bypass client certificate validation.

Affected Software/OS:
Squid 3.2 -> 3.2.13
Squid 3.3 -> 3.3.13
Squid 3.4 -> 3.4.12
Squid 3.5 -> 3.5.3

Apply the patch or upgrade to version
Squid 3.5.4, 3.4.13, 3.3.14, 3.2.14 or later.

CVSS Score:

CVSS Vector:

Cross-Ref: BugTraq ID: 74438
Common Vulnerability Exposure (CVE) ID: CVE-2015-3455
RedHat Security Advisories: RHSA-2015:2378
SuSE Security Announcement: openSUSE-SU-2015:1546 (Google Search)
SuSE Security Announcement: openSUSE-SU-2016:2081 (Google Search)
CopyrightCopyright (C) 2015 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2022 E-Soft Inc. All rights reserved.