CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2018-1000027 – squid: Incorrect pointer handling in HTTP processing and certificate download can lead to denial of service
https://notcve.org/view.php?id=CVE-2018-1000027
The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later. Squid Software Foundation Squid HTTP Caching Proxy, en versiones anteriores a la 4.0.23, contiene una vulnerabilidad de desreferencia de puntero NULL en el procesamiento de cabeceras HTTP Response X-Forwarded-For. Esto puede resultar en una denegación de servicio (DoS) para todos los clientes que empleen el proxy. • http://www.squid-cache.org/Advisories/SQUID-2018_2.txt http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_2.patch https://github.com/squid-cache/squid/pull/129/files https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html https://lists.debian.org/debian-lts-announce/2018/02/msg00002.html https://usn.ubuntu.com/3557-1 https://usn.ubuntu.com/4059-2 https://www.debia • CWE-117: Improper Output Neutralization for Logs CWE-476: NULL Pointer Dereference •
CVSS: 8.6EPSS: 56%CPEs: 15EXPL: 0CVE-2016-4553 – squid: Cache poisoning issue in HTTP Request handling
https://notcve.org/view.php?id=CVE-2016-4553
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request. client_side.cc en Squid en versiones anteriores a 3.5.18 y 4.x en versiones anteriores a 4.0.10 no ignora correctamente la cabecera Host cuando se proporciona una URI absoluta, lo que permite a atacantes remotos llevar a cabo ataques de envenenamiento de caché a través de una petición HTTP. An input validation flaw was found in the way Squid handled intercepted HTTP Request messages. An attacker could use this flaw to bypass the protection against issues related to CVE-2009-0801, and perform cache poisoning attacks on Squid. • http://bugs.squid-cache.org/show_bug.cgi?id=4501 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html http://www.debian.org/security/2016/dsa-3625 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securitytracker.com/id/1035768 http://www.squid-cache.org/Advisories/SQUID-2016_7.txt http& • CWE-20: Improper Input Validation CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 8.6EPSS: 0%CPEs: 7EXPL: 0CVE-2016-4554 – squid: Header Smuggling issue in HTTP Request processing
https://notcve.org/view.php?id=CVE-2016-4554
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue. mime_header.cc en Squid en versiones anteriores a 3.5.18 permite a atacantes remotos eludir restricciones destinadas al mismo origen y posiblemente llevar a cabo ataques de envenenamiento de caché a través de una cabecera HTTP Host manipulada, también conocido como un problema "contrabando de peticiones". An input validation flaw was found in Squid's mime_get_header_field() function, which is used to search for headers within HTTP requests. An attacker could send an HTTP request from the client side with specially crafted header Host header that bypasses same-origin security protections, causing Squid operating as interception or reverse-proxy to contact the wrong origin server. It could also be used for cache poisoning for client not following RFC 7230. • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html http://www.debian.org/security/2016/dsa-3625 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securitytracker.com/id/1035769 http://www.squid-cache.org/Advisories/SQUID-2016_8.txt http://www.squid-cache.org/Versions/v3/3.1/changesets&# • CWE-20: Improper Input Validation CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.5EPSS: 3%CPEs: 148EXPL: 1CVE-2016-4555 – squid: SegFault from ESIInclude::Start
https://notcve.org/view.php?id=CVE-2016-4555
client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses. client_side_request.cc en Squid 3.x en versiones anteriores a 3.5.18 y 4.x en versiones anteriores a 4.0.10 permite a servidores remotos provocar una denegación de servicio (caída) a través de respuestas Edge Side Includes (ESI) manipuladas. A NULL pointer dereference flaw was found in the way Squid processes ESI responses. If Squid was used as a reverse proxy or for TLS/HTTPS interception, a malicious server could use this flaw to crash the Squid worker process. • http://bugs.squid-cache.org/show_bug.cgi?id=4455 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html http://www.debian.org/security/2016/dsa-3625 http://www.openwall.com/lists/oss-security/2016/05/06/3 http://www.openwall.com/lists/oss-security/2016/05/06/5 http://www.oracle.com/technetwork/topics/security/linu • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 3%CPEs: 148EXPL: 0CVE-2016-4556 – squid: SIGSEGV in ESIContext response handling
https://notcve.org/view.php?id=CVE-2016-4556
Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response. Vulnerabilidad de liberación doble de memoria en Esi.cc en Squid 3.x en versiones anteriores a 3.5.18 y 4.x en versiones anteriores a 4.0.10 permite a servidores remotos provocar una denegación de servicio (caída) a través de una respuesta Edge Side Includes (ESI) manipulada. An incorrect reference counting flaw was found in the way Squid processes ESI responses. If Squid is configured as reverse-proxy, for TLS/HTTPS interception, an attacker controlling a server accessed by Squid, could crash the squid worker, causing a Denial of Service attack. • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html http://www.debian.org/security/2016/dsa-3625 http://www.openwall.com/lists/oss-security/2016/05/06/3 http://www.openwall.com/lists/oss-security/2016/05/06/5 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securitytracker.com/ • CWE-20: Improper Input Validation •