CVSS: 5.4EPSS: 0%CPEs: 16EXPL: 0CVE-2009-0801
https://notcve.org/view.php?id=CVE-2009-0801
Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. Squid cuando el modo de interceptación trasparente está habilitado, utiliza la cabecera HTTP Host para determinar el punto final remoto, esto permite a atacantes remotos evitar los controles de acceso para Flash, Java, Silverlight y puede que otras tecnologías y permite que se comunique con sitios de intranet restringidos a través de una página Web manipulada que provoca que un cliente envíe solicitudes HTTP con una cabecera Host modificada. • http://www.kb.cert.org/vuls/id/435052 http://www.securityfocus.com/bid/33858 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 94%CPEs: 22EXPL: 2CVE-2009-0478 – Squid < 3.1 5 - HTTP Version Number Parsing Denial of Service
https://notcve.org/view.php?id=CVE-2009-0478
Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c. Squid versiones 2.7 hasta 2.7.STABLE5, versiones 3.0 hasta 3.0.STABLE12 y versiones 3.1 hasta 3.1.0.4, permiten a los atacantes remotos causar una denegación de servicio por medio de una petición HTTP con un número de versión no válido, lo que desencadena una aserción accesible en los archivos (1) HttpMsg.c y (2) HttpStatusLine.c. • https://www.exploit-db.com/exploits/8021 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html http://secunia.com/advisories/33731 http://secunia.com/advisories/34467 http://security.gentoo.org/glsa/glsa-200903-38.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:034 http://www.securityfocus.com/archive/1/500653/100/0/threaded http://www.securityfocus.com/bid/33604 http://www.securitytracker.com/id?1021684 http://www.squid-cache.org/Advisorie • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 22%CPEs: 38EXPL: 1CVE-2007-6239 – squid: DoS in cache updates
https://notcve.org/view.php?id=CVE-2007-6239
The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects. La funcionalidad de "cache update reply processing" en Squid versiones 2.x anteriores a 2.6.STABLE17 y Squid versión 3.0, permite a atacantes remotos causar una denegación de servicio (bloqueo) por medio de vectores desconocidos relacionados con encabezados HTTP y una pérdida de memoria de Matriz durante las peticiones de objetos en caché. • http://bugs.gentoo.org/show_bug.cgi?id=201209 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html http://secunia.com/advisories/27910 http://secunia.com/advisories/28091 http://secunia.com/advisories/28109 http://secunia.com/advisories/28350 http://secunia.com/advisories/28381 http://secunia.com/advisories/28403 http://secunia.com/advisories/28412 http://secunia.com/advisories/28814 http://secunia.com/advisories/34467 http://security.gentoo.org/glsa/ • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 95%CPEs: 26EXPL: 0CVE-2004-0918 – Squid SNMP DoS
https://notcve.org/view.php?id=CVE-2004-0918
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923 http://fedoranews.org/updates/FEDORA--.shtml http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html http://marc.info/?l=bugtraq&m=109913064629327&w=2 http://secunia.com/advisories/30914 http://secunia.com/advisories/30967 http://www.gentoo.org/security/en/glsa/glsa-200410-15.xml http://www.idefense.com/application& • CWE-399: Resource Management Errors •