CVE-2009-0478
Squid < 3.1 5 - HTTP Version Number Parsing Denial of Service
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c.
Squid versiones 2.7 hasta 2.7.STABLE5, versiones 3.0 hasta 3.0.STABLE12 y versiones 3.1 hasta 3.1.0.4, permiten a los atacantes remotos causar una denegación de servicio por medio de una petición HTTP con un número de versión no válido, lo que desencadena una aserción accesible en los archivos (1) HttpMsg.c y (2) HttpStatusLine.c.
Due to an internal error Squid is vulnerable to a denial of service attack when processing specially crafted requests. This problem allows any client to perform a denial of service attack on the Squid service. The updated packages have been patched to address this.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-02-08 CVE Reserved
- 2009-02-08 CVE Published
- 2009-02-09 First Exploit
- 2024-08-07 CVE Updated
- 2025-08-27 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (13)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/archive/1/500653/100/0/threaded | Mailing List | |
http://www.securitytracker.com/id?1021684 | Vdb Entry | |
https://bugzilla.redhat.com/show_bug.cgi?id=484246 | X_refsource_confirm |
URL | Date | SRC |
---|---|---|
https://packetstorm.news/files/id/74790 | 2009-02-09 | |
https://www.exploit-db.com/exploits/8021 | 2024-08-07 | |
http://www.securityfocus.com/bid/33604 | 2024-08-07 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html | 2018-10-11 | |
http://secunia.com/advisories/33731 | 2018-10-11 | |
http://secunia.com/advisories/34467 | 2018-10-11 | |
http://security.gentoo.org/glsa/glsa-200903-38.xml | 2018-10-11 | |
http://www.mandriva.com/security/advisories?name=MDVSA-2009:034 | 2018-10-11 | |
http://www.squid-cache.org/Advisories/SQUID-2009_1.txt | 2018-10-11 | |
http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch | 2018-10-11 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 2.7.stable1 Search vendor "Squid" for product "Squid" and version "2.7.stable1" | - |
Affected
| ||||||
Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 2.7.stable2 Search vendor "Squid" for product "Squid" and version "2.7.stable2" | - |
Affected
| ||||||
Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 2.7.stable3 Search vendor "Squid" for product "Squid" and version "2.7.stable3" | - |
Affected
| ||||||
Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 2.7.stable4 Search vendor "Squid" for product "Squid" and version "2.7.stable4" | - |
Affected
| ||||||
Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 2.7.stable5 Search vendor "Squid" for product "Squid" and version "2.7.stable5" | - |
Affected
| ||||||
Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.0.stable1 Search vendor "Squid" for product "Squid" and version "3.0.stable1" | - |
Affected
| ||||||
Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.0.stable2 Search vendor "Squid" for product "Squid" and version "3.0.stable2" | - |
Affected
| ||||||
Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.0.stable3 Search vendor "Squid" for product "Squid" and version "3.0.stable3" | - |
Affected
| ||||||
Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.0.stable4 Search vendor "Squid" for product "Squid" and version "3.0.stable4" | - |
Affected
| ||||||
Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.0.stable5 Search vendor "Squid" for product "Squid" and version "3.0.stable5" | - |
Affected
| ||||||
Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.0.stable6 Search vendor "Squid" for product "Squid" and version "3.0.stable6" | - |
Affected
| ||||||
Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.0.stable7 Search vendor "Squid" for product "Squid" and version "3.0.stable7" | - |
Affected
| ||||||
Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.0.stable8 Search vendor "Squid" for product "Squid" and version "3.0.stable8" | - |
Affected
| ||||||
Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.0.stable9 Search vendor "Squid" for product "Squid" and version "3.0.stable9" | - |
Affected
| ||||||
Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.0.stable10 Search vendor "Squid" for product "Squid" and version "3.0.stable10" | - |
Affected
| ||||||
Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.0.stable11 Search vendor "Squid" for product "Squid" and version "3.0.stable11" | - |
Affected
| ||||||
Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.0.stable12 Search vendor "Squid" for product "Squid" and version "3.0.stable12" | - |
Affected
| ||||||
Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.1 Search vendor "Squid" for product "Squid" and version "3.1" | - |
Affected
| ||||||
Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.1.0.1 Search vendor "Squid" for product "Squid" and version "3.1.0.1" | - |
Affected
| ||||||
Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.1.0.2 Search vendor "Squid" for product "Squid" and version "3.1.0.2" | - |
Affected
| ||||||
Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.1.0.3 Search vendor "Squid" for product "Squid" and version "3.1.0.3" | - |
Affected
| ||||||
Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.1.0.4 Search vendor "Squid" for product "Squid" and version "3.1.0.4" | - |
Affected
|