This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
APP:PROXY:SQUID-SSLBUMP-CERT
|
Severity |
Major
|
Recommended |
Yes
|
Recommended Action |
Drop
|
Category |
APP
|
Keywords |
Squid Proxy SSL-Bump Certificate Validation Bypass
|
Release Date |
2016/01/21
|
Update Number |
2624
|
Supported Platforms |
idp-4.0+, isg-3.4+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
APP: Squid Proxy SSL-Bump Certificate Validation Bypass
This signature detects attempts to exploit a known vulnerability against Squid. The vulnerability is due to incorrectly validating the common name in a server certificate. Successful attack could lead to bypass certain certificate validation process thus leading to further attacks.
Extended Description
Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.
Affected Products
- Fedoraproject fedora 22
- Oracle linux 7
- Oracle solaris 11.2
- Squid-cache squid 3.2.0.1
- Squid-cache squid 3.2.0.10
- Squid-cache squid 3.2.0.11
- Squid-cache squid 3.2.0.12
- Squid-cache squid 3.2.0.13
- Squid-cache squid 3.2.0.14
- Squid-cache squid 3.2.0.15
- Squid-cache squid 3.2.0.16
- Squid-cache squid 3.2.0.17
- Squid-cache squid 3.2.0.18
- Squid-cache squid 3.2.0.19
- Squid-cache squid 3.2.0.2
- Squid-cache squid 3.2.0.3
- Squid-cache squid 3.2.0.4
- Squid-cache squid 3.2.0.5
- Squid-cache squid 3.2.0.6
- Squid-cache squid 3.2.0.7
- Squid-cache squid 3.2.0.8
- Squid-cache squid 3.2.0.9
- Squid-cache squid 3.2.1
- Squid-cache squid 3.2.10
- Squid-cache squid 3.2.11
- Squid-cache squid 3.2.12
- Squid-cache squid 3.2.13
- Squid-cache squid 3.2.2
- Squid-cache squid 3.2.3
- Squid-cache squid 3.2.4
- Squid-cache squid 3.2.5
- Squid-cache squid 3.2.6
- Squid-cache squid 3.2.7
- Squid-cache squid 3.2.8
- Squid-cache squid 3.2.9
- Squid-cache squid 3.3.0
- Squid-cache squid 3.3.0.1
- Squid-cache squid 3.3.0.2
- Squid-cache squid 3.3.0.3
- Squid-cache squid 3.3.1
- Squid-cache squid 3.3.10
- Squid-cache squid 3.3.11
- Squid-cache squid 3.3.12
- Squid-cache squid 3.3.13
- Squid-cache squid 3.3.2
- Squid-cache squid 3.3.3
- Squid-cache squid 3.3.4
- Squid-cache squid 3.3.5
- Squid-cache squid 3.3.6
- Squid-cache squid 3.3.7
- Squid-cache squid 3.3.8
- Squid-cache squid 3.3.9
- Squid-cache squid 3.4.0.1
- Squid-cache squid 3.4.0.2
- Squid-cache squid 3.4.0.3
- Squid-cache squid 3.4.1
- Squid-cache squid 3.4.10
- Squid-cache squid 3.4.11
- Squid-cache squid 3.4.12
- Squid-cache squid 3.4.2
- Squid-cache squid 3.4.3
- Squid-cache squid 3.4.4
- Squid-cache squid 3.4.5
- Squid-cache squid 3.4.6
- Squid-cache squid 3.4.7
- Squid-cache squid 3.4.8
- Squid-cache squid 3.4.9
- Squid-cache squid 3.5.0.1
- Squid-cache squid 3.5.0.2
- Squid-cache squid 3.5.0.3
- Squid-cache squid 3.5.0.4
- Squid-cache squid 3.5.1
- Squid-cache squid 3.5.2
References