CVE-2014-9749

Squid 3.4.4-3.4.11 and 3.5.0.1-3.5.1 - Authenticated Nonce Replay via Digest Authentication

Description

Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."

References (5)

Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/10/01/1
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/10/11/4
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-10/msg00052.html
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/10/12/2
Various Sources x_refsource_confirm
http://bugs.squid-cache.org/show_bug.cgi?id=4066

Scores

EPSS 0.0194
EPSS Percentile 83.7%

Details

CWE CWE-264
Status published
Products (17)
opensuse/opensuse 13.1
opensuse/opensuse 13.2
squid-cache/squid 3.4.4
squid-cache/squid 3.4.5
squid-cache/squid 3.4.6
squid-cache/squid 3.4.7
squid-cache/squid 3.4.8
squid-cache/squid 3.4.9
squid-cache/squid 3.4.10
squid-cache/squid 3.4.11
... and 7 more
Published Nov 06, 2015
Tracked Since Feb 18, 2026