CVSS: 9.1EPSS: 0%CPEs: 16EXPL: 0CVE-2009-0801 – Gentoo Linux Security Advisory 201309-22
https://notcve.org/view.php?id=CVE-2009-0801
04 Mar 2009 — Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. Squid cuando el modo de interceptación trasparente está habilitado, utiliza la cabecera HTTP Host para determinar el punto fina... • http://www.kb.cert.org/vuls/id/435052 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 14%CPEs: 38EXPL: 1CVE-2007-6239 – squid: DoS in cache updates
https://notcve.org/view.php?id=CVE-2007-6239
04 Dec 2007 — The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects. La funcionalidad de "cache update reply processing" en Squid versiones 2.x anteriores a 2.6.STABLE17 y Squid versión 3.0, permite a atacantes remotos causar una denegación de servicio (bloqueo) por medio de vectores desconocidos relacionados con enc... • http://bugs.gentoo.org/show_bug.cgi?id=201209 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 25%CPEs: 1EXPL: 0CVE-2001-0843
https://notcve.org/view.php?id=CVE-2001-0843
06 Dec 2001 — Squid proxy server 2.4 and earlier allows remote attackers to cause a denial of service (crash) via a mkdir-only FTP PUT request. • http://archives.neohapsis.com/archives/linux/conectiva/2001-q3/0020.html •
CVSS: 9.1EPSS: 0%CPEs: 15EXPL: 0CVE-2001-1030
https://notcve.org/view.php?id=CVE-2001-1030
18 Jul 2001 — Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning. • http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html •