Description

The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.

Remediation

References

CVE-2016-2390

Related Vulnerabilities

Drupal Core 7.x Multiple Cross-Site Scripting Vulnerabilities (7.0 - 7.85)

WordPress Plugin Simple PDF Viewer Cross-Site Scripting (1.9)

Drupal Core 6.x Multiple Cross-Site Scripting Vulnerabilities (6.0 - 6.14)

WordPress Plugin Product Table by WBW Remote Code Execution (2.0.1)

WordPress Plugin ClickDesk Live Support-Live Chat-Help Desk 'cdwidgetid' Parameter Cross-Site Scripting (2.0)

Severity

Medium

Classification

CVE-2016-2390 CWE-20 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities