Squid SSL-Bump Certificate Validation Bypass Vulnerability
Information
Severity
Low
Family
Web application abuses
CVSSv2 Base
2.6
CVSSv2 Vector
AV:N/AC:H/Au:N/C:N/I:P/A:N
Solution Type
Vendor Patch
Created
8 years ago
Modified
4 years ago
Summary
This host is running Squid and is prone to a certificate validation bypass vulnerability.
Insight
The client-first SSL-bump feature does not properly validate the domain and hostname fields of X.509 server certificates. A remote server can create a specially crafted certificate to bypass client certificate validation.
Affected Software
Squid 3.2 -> 3.2.13
Squid 3.3 -> 3.3.13
Squid 3.4 -> 3.4.12
Squid 3.5 -> 3.5.3
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Apply the patch or upgrade to version Squid 3.5.4, 3.4.13, 3.3.14, 3.2.14 or later.