Vulnerability Name: | CVE-2021-41611 (CCN-211456) | ||||||||||||
Assigned: | 2021-10-03 | ||||||||||||
Published: | 2021-10-03 | ||||||||||||
Updated: | 2022-03-31 | ||||||||||||
Summary: | An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of trust may be passed along to clients, allowing access to unsafe or hijacked services. | ||||||||||||
CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
7.1 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||||||
Vulnerability Type: | CWE-295 | ||||||||||||
Vulnerability Consequences: | Bypass Security | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2021-41611 Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20211223 CVE-2021-44273: e2guardian did not validate TLS hostnames Source: MISC Type: Vendor Advisory http://www.squid-cache.org/Versions/v6/changesets/squid-6-43d6b5c81b88ec2256b430c69a872a1e4f324e4a.patch Source: XF Type: UNKNOWN squid-cve202141611-sec-bypass(211456) Source: CCN Type: SQUID-2021:6 Improper Certificate Validation of TLS server certificates Source: CONFIRM Type: Patch, Third Party Advisory https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2021-15d2f70a07 | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1: ![]() | ||||||||||||
BACK |