CVE-2016-4553

Name: CVE-2016-4553
Creator: NVD / NIST
Published: 2016-05-10T19:59:00.137+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 79.65%

Last modified Jun 17, 2026

CVE-2016-4553 is a vulnerability of currently unknown severity. client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.. EPSS estimates a 79.65% chance of exploitation in the next 30 days.

Description

client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.

Metrics

EPSS Probability

79.65%

99.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-345

Affected Software

Vendor	Product	Versions
Canonical	Ubuntu Linux	12.04
Canonical	Ubuntu Linux	14.04
Canonical	Ubuntu Linux	15.10
Canonical	Ubuntu Linux	16.04
Squid-Cache	Squid	<= 3.5.17
Squid-Cache	Squid	4.0.1
Squid-Cache	Squid	4.0.2
Squid-Cache	Squid	4.0.3
Squid-Cache	Squid	4.0.4
Squid-Cache	Squid	4.0.5
Squid-Cache	Squid	4.0.6
Squid-Cache	Squid	4.0.7
Squid-Cache	Squid	4.0.8
Squid-Cache	Squid	4.0.9
Oracle	Linux	7

References

Timeline

Published: May 10, 2016
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-4553?

How severe is CVE-2016-4553?

Severity scoring for CVE-2016-4553 is pending analysis. The EPSS model estimates a 79.65% probability of exploitation in the next 30 days.

How do I fix CVE-2016-4553?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-4553?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST