Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 APP:PROXY:SQUID-SSLBUMP-CERT

Severity

 Major

Recommended

 Yes

Recommended Action

 Drop

Category

 APP

Keywords

 Squid Proxy SSL-Bump Certificate Validation Bypass

Release Date

 2016/01/21

Update Number

 2624

Supported Platforms

 idp-4.0+, isg-3.4+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

APP: Squid Proxy SSL-Bump Certificate Validation Bypass


This signature detects attempts to exploit a known vulnerability against Squid. The vulnerability is due to incorrectly validating the common name in a server certificate. Successful attack could lead to bypass certain certificate validation process thus leading to further attacks.

Extended Description

Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.

Affected Products

  • Fedoraproject fedora 22
  • Oracle linux 7
  • Oracle solaris 11.2
  • Squid-cache squid 3.2.0.1
  • Squid-cache squid 3.2.0.10
  • Squid-cache squid 3.2.0.11
  • Squid-cache squid 3.2.0.12
  • Squid-cache squid 3.2.0.13
  • Squid-cache squid 3.2.0.14
  • Squid-cache squid 3.2.0.15
  • Squid-cache squid 3.2.0.16
  • Squid-cache squid 3.2.0.17
  • Squid-cache squid 3.2.0.18
  • Squid-cache squid 3.2.0.19
  • Squid-cache squid 3.2.0.2
  • Squid-cache squid 3.2.0.3
  • Squid-cache squid 3.2.0.4
  • Squid-cache squid 3.2.0.5
  • Squid-cache squid 3.2.0.6
  • Squid-cache squid 3.2.0.7
  • Squid-cache squid 3.2.0.8
  • Squid-cache squid 3.2.0.9
  • Squid-cache squid 3.2.1
  • Squid-cache squid 3.2.10
  • Squid-cache squid 3.2.11
  • Squid-cache squid 3.2.12
  • Squid-cache squid 3.2.13
  • Squid-cache squid 3.2.2
  • Squid-cache squid 3.2.3
  • Squid-cache squid 3.2.4
  • Squid-cache squid 3.2.5
  • Squid-cache squid 3.2.6
  • Squid-cache squid 3.2.7
  • Squid-cache squid 3.2.8
  • Squid-cache squid 3.2.9
  • Squid-cache squid 3.3.0
  • Squid-cache squid 3.3.0.1
  • Squid-cache squid 3.3.0.2
  • Squid-cache squid 3.3.0.3
  • Squid-cache squid 3.3.1
  • Squid-cache squid 3.3.10
  • Squid-cache squid 3.3.11
  • Squid-cache squid 3.3.12
  • Squid-cache squid 3.3.13
  • Squid-cache squid 3.3.2
  • Squid-cache squid 3.3.3
  • Squid-cache squid 3.3.4
  • Squid-cache squid 3.3.5
  • Squid-cache squid 3.3.6
  • Squid-cache squid 3.3.7
  • Squid-cache squid 3.3.8
  • Squid-cache squid 3.3.9
  • Squid-cache squid 3.4.0.1
  • Squid-cache squid 3.4.0.2
  • Squid-cache squid 3.4.0.3
  • Squid-cache squid 3.4.1
  • Squid-cache squid 3.4.10
  • Squid-cache squid 3.4.11
  • Squid-cache squid 3.4.12
  • Squid-cache squid 3.4.2
  • Squid-cache squid 3.4.3
  • Squid-cache squid 3.4.4
  • Squid-cache squid 3.4.5
  • Squid-cache squid 3.4.6
  • Squid-cache squid 3.4.7
  • Squid-cache squid 3.4.8
  • Squid-cache squid 3.4.9
  • Squid-cache squid 3.5.0.1
  • Squid-cache squid 3.5.0.2
  • Squid-cache squid 3.5.0.3
  • Squid-cache squid 3.5.0.4
  • Squid-cache squid 3.5.1
  • Squid-cache squid 3.5.2

References

  • CVE: CVE-2015-3455

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out