CVSS: 5.0EPSS: 22%CPEs: 38EXPL: 1CVE-2007-6239 – squid: DoS in cache updates
https://notcve.org/view.php?id=CVE-2007-6239
The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects. La funcionalidad de "cache update reply processing" en Squid versiones 2.x anteriores a 2.6.STABLE17 y Squid versión 3.0, permite a atacantes remotos causar una denegación de servicio (bloqueo) por medio de vectores desconocidos relacionados con encabezados HTTP y una pérdida de memoria de Matriz durante las peticiones de objetos en caché. • http://bugs.gentoo.org/show_bug.cgi?id=201209 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html http://secunia.com/advisories/27910 http://secunia.com/advisories/28091 http://secunia.com/advisories/28109 http://secunia.com/advisories/28350 http://secunia.com/advisories/28381 http://secunia.com/advisories/28403 http://secunia.com/advisories/28412 http://secunia.com/advisories/28814 http://secunia.com/advisories/34467 http://security.gentoo.org/glsa/ • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 3CVE-2004-2480 – National Science Foundation Squid Proxy 2.3 - Internet Access Control Bypass
https://notcve.org/view.php?id=CVE-2004-2480
Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass security controls and access arbitrary websites via "@@" sequences in a URL within Internet Explorer. • https://www.exploit-db.com/exploits/24105 http://archives.neohapsis.com/archives/bugtraq/2004-05/0070.html http://www.securityfocus.com/bid/10315 https://exchange.xforce.ibmcloud.com/vulnerabilities/16153 •