APP: Squid Proxy SSL-Bump Certificate Validation Bypass

This signature detects attempts to exploit a known vulnerability in Squid. The vulnerability is caused by incorrect validation of the common name in a server certificate. A successful attack could bypass certain certificate validation checks, leading to further attacks.

Extended Description

Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.

Affected Products

Squid-cache squid

References

CVE: CVE-2015-3455

Short Name
APP:PROXY:SQUID-SSLBUMP-CERT
Severity
Major
Recommended
True
Recommended Action
Drop
Category
APP
Keywords
Bypass CVE-2015-3455 Certificate Proxy SSL-Bump Squid Validation
Release Date
01/21/2016
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Oracle

Fedoraproject

Squid-cache

CVSS Score

2.6
