Vulnerability DatabaseCVE-2015-5400
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2015-5400
Published:September 28, 2015
Updated:May 17, 2026
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
Related Resources (18)
http://www.openwall.com/lists/oss-security/2015/07/10/2
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10494.patch
http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13225.patch
https://security-tracker.debian.org/tracker/CVE-2015-5400
http://www.securityfocus.com/bid/75553
http://www.openwall.com/lists/oss-security/2015/07/17/14
http://www.openwall.com/lists/oss-security/2015/07/06/8
http://www.squid-cache.org/Advisories/SQUID-2015_2.txt
http://www.openwall.com/lists/oss-security/2015/07/09/12
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html
https://access.redhat.com/security/cve/CVE-2015-5400
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html
http://www.debian.org/security/2015/dsa-3327
https://people.canonical.com/~ubuntu-security/cve/CVE-2015-5400
http://www.securitytracker.com/id/1032873
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13856.patch
Do you need more information?
Contact Us
CVSS v3
Base Score:
5.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
CVSS v2
Base Score:
6.8
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
EPSS
Base Score:
24.70