Page 14 of 70 results (0.007 seconds)

CVSS: 5.0EPSS: 95%CPEs: 88EXPL: 0

HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values." HttpHdrRange.cc en Squid 3.x anterior a 3.3.12 y 3.4.x anterior a 3.4.6 permite a atacantes remotos causar una denegación de servicio (caída) a través de una solicitud con ' cabeceras de rango con valores de rango de bytes no identificables' manipuladas. A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid. • http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00025.html http://lists.opensuse.org/opensuse-updates/2014-09/msg00029.html http://rhn.redhat.com/errata/RHSA-2014-1147.html http://secunia.com/advisories/60179 http://secunia.com/advisories/60334 http://secunia.com/advisories/61320 http://secunia.com/advisories/61412 http://www.debian.org/security/2014/dsa-3014 http://www.debian.org/security/2015/dsa-3139 http://www.oracle.com/technetwork/topics/security/bulletinj • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •

CVSS: 5.0EPSS: 15%CPEs: 87EXPL: 0

Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management. Squid 3.1 anterior a 3.3.12 y 3.4 anterior a 3.4.4, cuando SSL-Bump está habilitado, permite a atacantes remotos causar una denegación de servicio (fallo de aserción) a través de una solicitud de rango manipulada, relacionado con gestión de estado. • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://lists.opensuse.org/opensuse-updates/2014-04/msg00030.html http://lists.opensuse.org/opensuse-updates/2014-04/msg00060.html http://secunia.com/advisories/57288 http://secunia.com/advisories/57889 http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www.securityfocus.com/bid/66112 http://www.squid-cache.org • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 5%CPEs: 63EXPL: 0

cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison. cachemgr.cgi en Squid v3.1.x, v3.2.x y posiblemente, v3.1.22, v3.2.4 y otras versiones, permite a atacantes remotos provocar una denegación de servicio (consumo de recursos) a través de una solicitud hecha a mano. NOTA: este problema se debe a una solución incorrecta para CVE-2012-5643, posiblemente con un orden incorrecto de argumentos o de comparación incorrecta. • http://bazaar.launchpad.net/~squid/squid/3.2/revision/11743 http://bazaar.launchpad.net/~squid/squid/3.2/revision/11744 http://lists.fedoraproject.org/pipermail/scm-commits/2013-January/934637.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html http://sec • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 96%CPEs: 102EXPL: 0

Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials. Varias fugas de memoria en tools/cachemgr.cc en cachemgr.cgi en Squid v2.x y v3.x antes de v3.1.22, v3.2.x antes de v3.2.4 y v3.3.x antes de v3.3.0.2 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de (1) cabeceras Content-Length no válidas, (2) largas peticiones POST, o (3) credenciales de autenticación manipuladas. • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00052.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00075.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html http://openwall.com/lists/oss-security/2012/12/17/4 http://rhn.redhat.com/errata& • CWE-20: Improper Input Validation CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 6.8EPSS: 94%CPEs: 71EXPL: 0

Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression. Desbordamiento de búfer en la v3.0 anterior a v3.0.STABLE26, v3.1 anterior a v3.1.15, y v3.2 anterior a v3.2.0.11 permite a servidores remotos Gopher provocar una denegación de servicio (corrupción de memoria y reinicio del demonio) o posiblemente tener un impacto no especificado a través de una respuesta demasiado larga. NOTA: Este problema existe debido a una regresión de CVE-2005-0094. • http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://openwall.com/lists/oss-security/2011/08/29/2 http://openwall.com/lists/oss-security/2011/08/30/4 http: •