CVSS: 5.0EPSS: 94%CPEs: 22EXPL: 2CVE-2009-0478 – Squid < 3.1 5 - HTTP Version Number Parsing Denial of Service
https://notcve.org/view.php?id=CVE-2009-0478
Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c. Squid versiones 2.7 hasta 2.7.STABLE5, versiones 3.0 hasta 3.0.STABLE12 y versiones 3.1 hasta 3.1.0.4, permiten a los atacantes remotos causar una denegación de servicio por medio de una petición HTTP con un número de versión no válido, lo que desencadena una aserción accesible en los archivos (1) HttpMsg.c y (2) HttpStatusLine.c. • https://www.exploit-db.com/exploits/8021 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html http://secunia.com/advisories/33731 http://secunia.com/advisories/34467 http://security.gentoo.org/glsa/glsa-200903-38.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:034 http://www.securityfocus.com/archive/1/500653/100/0/threaded http://www.securityfocus.com/bid/33604 http://www.securitytracker.com/id?1021684 http://www.squid-cache.org/Advisorie • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 95%CPEs: 26EXPL: 0CVE-2004-0918 – Squid SNMP DoS
https://notcve.org/view.php?id=CVE-2004-0918
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923 http://fedoranews.org/updates/FEDORA--.shtml http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html http://marc.info/?l=bugtraq&m=109913064629327&w=2 http://secunia.com/advisories/30914 http://secunia.com/advisories/30967 http://www.gentoo.org/security/en/glsa/glsa-200410-15.xml http://www.idefense.com/application& • CWE-399: Resource Management Errors •