VDB
CVE-2014-9749
CVE-2014-9749
PUBLISHED
CVSS 4 MEDIUM
Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."
EPSS 1.94% · 83.7th percentile
Risk Scores
CVSS v2.0
4
EPSS Score
1.94%
83.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| squid-cache | squid | 3.5.1, 3.4.4, 3.4.5 |
| n/a | n/a | n/a |
| opensuse | opensuse | 13.1, 13.2 |
Timeline
- Nov 6, 2015 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 14, 2022 CVE Updated
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 1, 2023 EPSS Score
- Jul 15, 2023 EPSS Score
- Sep 6, 2023 EPSS Score
References
- [oss-security] 20151001 CVE Request: squid: Nonce replay vulnerability in Digest authentication mailing-list
- http://bugs.squid-cache.org/show_bug.cgi?id=4066 url
- [oss-security] 20151011 Re: CVE Request: squid: Nonce replay vulnerability in Digest authentication mailing-list
- openSUSE-SU-2015:1835 vendor-advisory
- [oss-security] 20151012 Re: Re: CVE Request: squid: Nonce replay vulnerability in Digest authentication mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2014-9749 advisory