FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  373433
Date:      2014-11-25
Time:      21:42:42Z
Committer: naddy

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
c27bc173-d7aa-11db-b141-0016179b2dd5Squid -- TRACE method handling denial of service

Squid advisory 2007:1 notes:

Due to an internal error Squid-2.6 is vulnerable to a denial of service attack when processing the TRACE request method.

Workarounds:

To work around the problem deny access to using the TRACE method by inserting the following two lines before your first http_access rule.

acl TRACE method TRACE

http_access deny TRACE


Discovery 2007-03-20
Entry 2007-03-21
Modified 2010-05-12
squid
ge 2.6.* lt 2.6.12

CVE-2007-1560
http://www.squid-cache.org/Advisories/SQUID-2007_1.txt
6eb580d7-a29c-11dc-8919-001c2514716cSquid -- Denial of Service Vulnerability

Squid secuirty advisory reports:

Due to incorrect bounds checking Squid is vulnerable to a denial of service check during some cache update reply processing.

This problem allows any client trusted to use the service to perform a denial of service attack on the Squid service.


Discovery 2007-11-28
Entry 2007-12-04
Modified 2007-12-07
squid
ge 2.0 lt 2.6.16_1

ge 3.* lt 3.0.r1.20071001_1

26687
CVE-2007-6239
6eb580d7-a29c-11dc-8919-001c2514716cSquid -- Denial of Service Vulnerability

Squid secuirty advisory reports:

Due to incorrect bounds checking Squid is vulnerable to a denial of service check during some cache update reply processing.

This problem allows any client trusted to use the service to perform a denial of service attack on the Squid service.


Discovery 2007-11-28
Entry 2007-12-04
Modified 2007-12-07
squid
ge 2.0 lt 2.6.16_1

ge 3.* lt 3.0.r1.20071001_1

26687
CVE-2007-6239
c37de843-488e-11e2-a5c9-0019996bc1f7squid -- denial of service

Squid developers report:

Due to missing input validation Squid cachemgr.cgi tool is vulnerable to a denial of service attack when processing specially crafted requests.

This problem allows any client able to reach the cachemgr.cgi to perform a denial of service attack on the service host.

The nature of the attack may cause secondary effects through resource consumption on the host server.


Discovery 2012-12-17
Entry 2012-12-28
Modified 2013-05-02
squid
lt 2.7.9_4

ge 3.1 lt 3.1.23

ge 3.2 lt 3.2.6

ge 3.3 lt 3.3.0.3

CVE-2012-5643
CVE-2013-0189
http://www.squid-cache.org/Advisories/SQUID-2012_1.txt
c27bc173-d7aa-11db-b141-0016179b2dd5Squid -- TRACE method handling denial of service

Squid advisory 2007:1 notes:

Due to an internal error Squid-2.6 is vulnerable to a denial of service attack when processing the TRACE request method.

Workarounds:

To work around the problem deny access to using the TRACE method by inserting the following two lines before your first http_access rule.

acl TRACE method TRACE

http_access deny TRACE


Discovery 2007-03-20
Entry 2007-03-21
Modified 2010-05-12
squid
ge 2.6.* lt 2.6.12

CVE-2007-1560
http://www.squid-cache.org/Advisories/SQUID-2007_1.txt