VuXML ID | Description |
81d9dc0c-1988-11df-8e66-0019996bc1f7 | squid -- Denial of Service vulnerability in HTCP
Squid security advisory 2010:2 reports:
Due to incorrect processing Squid is vulnerable to a
denial of service attack when receiving specially crafted
HTCP packets.
This problem allows any machine to perform a denial
of service attack on the Squid service when its HTCP port
is open.
Discovery 2010-02-12 Entry 2010-02-14 Modified 2010-05-02 squid
ge 2.7.1 lt 2.7.7_4
ge 3.0.1 lt 3.0.24
CVE-2010-0639
http://www.squid-cache.org/Advisories/SQUID-2010_2.txt
|
e05bfc92-0763-11e6-94fa-002590263bf5 | squid -- multiple vulnerabilities
Squid security advisory 2016:5 reports:
Due to incorrect buffer management Squid cachemgr.cgi tool is
vulnerable to a buffer overflow when processing remotely supplied
inputs relayed to it from Squid.
This problem allows any client to seed the Squid manager reports
with data that will cause a buffer overflow when processed by the
cachemgr.cgi tool. However, this does require manual administrator
actions to take place. Which greatly reduces the impact and
possible uses.
Squid security advisory 2016:6 reports:
Due to buffer overflow issues Squid is vulnerable to a denial of
service attack when processing ESI responses. Due to incorrect input
validation Squid is vulnerable to public information disclosure of
the server stack layout when processing ESI responses. Due to
incorrect input validation and buffer overflow Squid is vulnerable
to remote code execution when processing ESI responses.
These problems allow ESI components to be used to perform a denial
of service attack on the Squid service and all other services on the
same machine. Under certain build conditions these problems allow
remote clients to view large sections of the server memory. However,
the bugs are exploitable only if you have built and configured the
ESI features to be used by a reverse-proxy and if the ESI components
being processed by Squid can be controlled by an attacker.
Discovery 2016-04-20 Entry 2016-04-21 squid
< 3.5.17
CVE-2016-4051
CVE-2016-4052
CVE-2016-4053
CVE-2016-4054
ports/208939
http://www.squid-cache.org/Advisories/SQUID-2016_5.txt
http://www.squid-cache.org/Advisories/SQUID-2016_6.txt
|
f9ada0b5-3d80-11ed-9330-080027f5fec9 | squid -- Exposure of sensitive information in cache manager
Mikhail Evdokimov (aka konata) reports:
Due to inconsistent handling of internal URIs Squid is
vulnerable to Exposure of Sensitive Information about
clients using the proxy. This problem allows a trusted
client to directly access cache manager information
bypassing the manager ACL protection. The available cache
manager information contains records of internal network
structure, client credentials, client identity and client
traffic behaviour.
Discovery 2022-04-17 Entry 2022-09-26 squid
< 5.7
CVE-2022-41317
https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq
|
150d1538-23fa-11e5-a4a5-002590263bf5 | squid -- Improper Protection of Alternate Path with CONNECT requests
Squid security advisory 2015:2 reports:
Squid configured with cache_peer and operating on explicit proxy
traffic does not correctly handle CONNECT method peer responses.
The bug is important because it allows remote clients to bypass
security in an explicit gateway proxy.
However, the bug is exploitable only if you have configured
cache_peer to receive CONNECT requests.
Discovery 2015-07-06 Entry 2015-07-06 Modified 2015-07-17 squid
< 3.5.6
http://www.squid-cache.org/Advisories/SQUID-2015_2.txt
CVE-2015-5400
|
297117ba-f92d-11e5-92ce-002590263bf5 | squid -- multiple vulnerabilities
Squid security advisory 2016:3 reports:
Due to a buffer overrun Squid pinger binary is vulnerable to
denial of service or information leak attack when processing
ICMPv6 packets.
This bug also permits the server response to manipulate other
ICMP and ICMPv6 queries processing to cause information leak.
This bug allows any remote server to perform a denial of service
attack on the Squid service by crashing the pinger. This may
affect Squid HTTP routing decisions. In some configurations,
sub-optimal routing decisions may result in serious service
degradation or even transaction failures.
If the system does not contain buffer-overrun protection leading
to that crash this bug will instead allow attackers to leak
arbitrary amounts of information from the heap into Squid log
files. This is of higher importance than usual because the pinger
process operates with root priviliges.
Squid security advisory 2016:4 reports:
Due to incorrect bounds checking Squid is vulnerable to a denial
of service attack when processing HTTP responses.
This problem allows a malicious client script and remote server
delivering certain unusual HTTP response syntax to trigger a
denial of service for all clients accessing the Squid service.
Discovery 2016-03-28 Entry 2016-04-02 squid
< 3.5.16
CVE-2016-3947
CVE-2016-3948
ports/208463
http://www.squid-cache.org/Advisories/SQUID-2016_3.txt
http://www.squid-cache.org/Advisories/SQUID-2016_4.txt
|
620685d6-0aa3-11ea-9673-4c72b94353b5 | squid -- Vulnerable to HTTP Digest Authentication
Squid Team reports:
Problem Description: Due to incorrect data management Squid is
vulnerable to a information disclosure when processing HTTP Digest
Authentication.
Severity: Nonce tokens contain the raw byte value of a pointer which sits
within heap memory allocation. This information reduces ASLR protections
and may aid attackers isolating memory areas to target for remote code
execution attacks.
Discovery 2019-11-05 Entry 2019-11-19 squid
< 4.9
http://www.squid-cache.org/Advisories/SQUID-2019_11.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679
CVE-2019-18679
|
25e5205b-1447-11e6-9ead-6805ca0b3d42 | squid -- multiple vulnerabilities
The squid development team reports:
Please reference CVE/URL list for details
Discovery 2016-05-06 Entry 2016-05-07 Modified 2016-05-09 squid
ge 3.0.0 lt 3.5.18
squid-devel
ge 4.0.0 lt 4.0.10
CVE-2016-4553
CVE-2016-4554
CVE-2016-4555
CVE-2016-4556
http://www.squid-cache.org/Advisories/SQUID-2016_7.txt
http://www.squid-cache.org/Advisories/SQUID-2016_8.txt
http://www.squid-cache.org/Advisories/SQUID-2016_9.txt
|
a8fb8e3a-730d-11ee-ab61-b42e991fc52e | squid -- Multiple vulnerabilities
The squid-cache project reports:
- Denial of Service in FTP
- Request/Response smuggling in HTTP/1.1 and ICAP
- Denial of Service in HTTP Digest Authentication
Discovery 2023-10-21 Entry 2023-10-25 squid
< 6.4
https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w
https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh
https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g
|
296ecb59-0f6b-11df-8bab-0019996bc1f7 | squid -- Denial of Service vulnerability in DNS handling
Squid security advisory 2010:1 reports:
Due to incorrect data validation Squid is vulnerable to a denial
of service attack when processing specially crafted DNS packets.
This problem allows any trusted client or external server who can
determine the squid receiving port to perform a short-term denial
of service attack on the Squid service.
Discovery 2010-01-14 Entry 2010-02-01 Modified 2010-05-02 squid
ge 2.7.1 lt 2.7.7_3
ge 3.0.1 lt 3.0.23
ge 3.1.0.1 lt 3.1.0.15_2
CVE-2010-0308
http://www.squid-cache.org/Advisories/SQUID-2010_1.txt
|
d3324c55-3f11-11e4-ad16-001999f8d30b | squid -- Buffer overflow in SNMP processing
The squid-cache project reports:
Due to incorrect buffer management Squid can be caused
by an attacker to write outside its allocated SNMP buffer.
Discovery 2014-09-15 Entry 2014-09-18 squid
< 3.4.8
squid32
gt 0
squid33
< 3.3.13_2
http://www.squid-cache.org/Advisories/SQUID-2014_3.txt
CVE-2014-6270
|
e4dac715-c818-11df-a92c-0015587e2cc1 | squid -- Denial of service vulnerability in request handling
Squid security advisory 2010:3 reports:
Due to an internal error in string handling Squid is
vulnerable to a denial of service attack when processing
specially crafted requests.
This problem allows any trusted client to perform a
denial of service attack on the Squid service.
Discovery 2010-08-30 Entry 2010-09-24 squid
ge 3.0.1 lt 3.0.25_3
ge 3.1.0.1 lt 3.1.8
CVE-2010-3072
http://www.squid-cache.org/Advisories/SQUID-2010_3.txt
|
e1156e90-7ad6-11de-b26a-0048543d60ce | squid -- several remote denial of service vulnerabilities
Squid security advisory 2009:2 reports:
Due to incorrect buffer limits and related bound checks Squid
is vulnerable to a denial of service attack when processing
specially crafted requests or responses.
Due to incorrect data validation Squid is vulnerable to a
denial of service attack when processing specially crafted
responses.
These problems allow any trusted client or external server to
perform a denial of service attack on the Squid service.
Squid-2.x releases are not affected.
Discovery 2009-07-27 Entry 2009-07-27 Modified 2009-08-06 squid
ge 3.0.1 lt 3.0.17
ge 3.1.0.1 lt 3.1.0.12
CVE-2009-2621
CVE-2009-2622
http://www.squid-cache.org/Advisories/SQUID-2009_2.txt
|
d5b6d151-1887-11e8-94f7-9c5c8e75236a | squid -- Vulnerable to Denial of Service attack
Louis Dion-Marcil reports:
Due to incorrect pointer handling Squid is vulnerable to denial
of service attack when processing ESI responses.
This problem allows a remote server delivering certain ESI
response syntax to trigger a denial of service for all clients
accessing the Squid service.
Due to unrelated changes Squid-3.5 has become vulnerable to some
regular ESI server responses also triggering this issue.
This problem is limited to the Squid custom ESI parser.
Squid built to use libxml2 or libexpat XML parsers do not have
this problem.
Due to incorrect pointer handling Squid is vulnerable to denial
of service attack when processing ESI responses or downloading
intermediate CA certificates.
This problem allows a remote client delivering certain HTTP
requests in conjunction with certain trusted server responses to
trigger a denial of service for all clients accessing the Squid
service.
Discovery 2017-12-13 Entry 2018-02-23 squid
< 3.5.27_3
squid-devel
< 4.0.23
http://www.squid-cache.org/Advisories/SQUID-2018_1.txt
http://www.squid-cache.org/Advisories/SQUID-2018_2.txt
CVE-2018-1000024
CVE-2018-1000027
https://www.debian.org/security/2018/dsa-4122
ports/226138
|
57c1c2ee-7914-11ea-90bf-0800276545c1 | Squid -- multiple vulnerabilities
The Squid developers reports:
Improper Input Validation issues in HTTP Request
processing (CVE-2020-8449, CVE-2020-8450).
Information Disclosure issue in FTP Gateway
(CVE-2019-12528).
Buffer Overflow issue in ext_lm_group_acl helper
(CVE-2020-8517).
Discovery 2020-02-10 Entry 2020-04-07 squid
< 4.10
http://lists.squid-cache.org/pipermail/squid-announce/2020-February/000107.html
https://nvd.nist.gov/vuln/detail/CVE-2020-8449
https://nvd.nist.gov/vuln/detail/CVE-2020-8450
https://nvd.nist.gov/vuln/detail/CVE-2019-12528
https://nvd.nist.gov/vuln/detail/CVE-2020-8517
CVE-2020-8449
CVE-2020-8450
CVE-2019-12528
CVE-2020-8517
ports/244026
|
660ebbf5-daeb-11e5-b2bd-002590263bf5 | squid -- remote DoS in HTTP response processing
Squid security advisory 2016:2 reports:
Due to incorrect bounds checking Squid is vulnerable to a denial
of service attack when processing HTTP responses.
These problems allow remote servers delivering certain unusual
HTTP response syntax to trigger a denial of service for all
clients accessing the Squid service.
HTTP responses containing malformed headers that trigger this
issue are becoming common. We are not certain at this time if
that is a sign of malware or just broken server scripting.
Discovery 2016-02-24 Entry 2016-02-24 Modified 2016-02-28 squid
< 3.5.15
CVE-2016-2569
CVE-2016-2570
CVE-2016-2571
ports/207454
http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
http://www.openwall.com/lists/oss-security/2016/02/24/12
|