CVE-2014-9749

Published Nov 6, 2015

Last updated 6 years ago

CVSS info 4.0

Overview

Description: Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D716D8C4-2089-4E61-9487-B2085B74B5BF"
          },
          {
            "criteria": "cpe:2.3:a:squid-cache:squid:3.4.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5332A8F5-8F97-465B-AF24-2FEF0B055006"
          },
          {
            "criteria": "cpe:2.3:a:squid-cache:squid:3.4.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6567D19B-DF18-4C52-984A-591524A83AD5"
          },
          {
            "criteria": "cpe:2.3:a:squid-cache:squid:3.4.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06832CD3-C761-4941-AFAB-822477C568F6"
          },
          {
            "criteria": "cpe:2.3:a:squid-cache:squid:3.4.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40507A48-FD3B-4309-B017-A1644C5C3520"
          },
          {
            "criteria": "cpe:2.3:a:squid-cache:squid:3.4.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0211EBCA-144F-4BDD-8F0C-E5F7BDF96E7A"
          },
          {
            "criteria": "cpe:2.3:a:squid-cache:squid:3.4.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A52E699-6C08-4324-AD38-E8D40A02701F"
          },
          {
            "criteria": "cpe:2.3:a:squid-cache:squid:3.4.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94C493CA-CBF0-4D15-8D1A-0E972E31F7A6"
          },
          {
            "criteria": "cpe:2.3:a:squid-cache:squid:3.4.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C398219E-503D-4DE5-85E8-5570536D6FB9"
          },
          {
            "criteria": "cpe:2.3:a:squid-cache:squid:3.4.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBF91088-0BD3-48EB-8D19-C05F156D4A19"
          },
          {
            "criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0868B12-EDF9-42D9-BB43-15F623A3310B"
          },
          {
            "criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F710949D-F0FE-43F4-ADB3-6EB679A70280"
          },
          {
            "criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCB75144-2437-40A8-8CA3-A487B603F7DE"
          },
          {
            "criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6CED2CB3-BE78-4818-A6D7-847A1ACE74DC"
          },
          {
            "criteria": "cpe:2.3:a:squid-cache:squid:3.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "705D8320-A278-483A-AE47-802044CE685E"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F"
          },
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References