| Severity |
|
| Remote |
|
| Type |
| - |
Unknown |
| + |
Certificate verification bypass |
|
| Description |
| + |
When validating an origin server or peer certificate, Squid 5 before version 5.2 may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust when the trust is not valid. This indication of trust may be passed along to clients allowing access to unsafe or hijacked services. |
| + |
|
| + |
This problem is guaranteed to occur when multiple CA have signed the TLS server certificate. It may also occur in cases of broken server certificate chains. |
|
| References |
| + |
https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r |
| + |
http://www.squid-cache.org/Versions/v5/changesets/squid-5-533b4359f16cf9ed15a6d709a57a4b06e4222cfe.patch |
|