SID 1:45569

Report a false positive

Rule Category

SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.

Alert Message

SERVER-WEBAPP Squid host header cache poisoning attempt

Rule Explanation

This event is generated when a request has been made to Squid proxy which returns cache content from somewhere other than hostname specified in absolute URI from request line Impact: Results in future requests made to poisoned hostname to return content not originating from hostname Details: Ease of Attack: Simple

What To Look For

No information provided

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

CVE-2016-4553

Additional Links

bugs.squid-cache.org/show_bug.cgi?id=4501

Rule Vulnerability

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2016-4553
 Loading description