CVE-2009-0478
Squid < 3.1 5 - HTTP Version Number Parsing Denial of Service
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c.
Squid versiones 2.7 hasta 2.7.STABLE5, versiones 3.0 hasta 3.0.STABLE12 y versiones 3.1 hasta 3.1.0.4, permiten a los atacantes remotos causar una denegación de servicio por medio de una petición HTTP con un número de versión no válido, lo que desencadena una aserción accesible en los archivos (1) HttpMsg.c y (2) HttpStatusLine.c.
Due to an internal error Squid is vulnerable to a denial of service attack when processing specially crafted requests. This problem allows any client to perform a denial of service attack on the Squid service. The updated packages have been patched to address this.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-02-08 CVE Reserved
- 2009-02-08 CVE Published
- 2009-02-09 First Exploit
- 2024-08-07 CVE Updated
- 2025-08-27 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (13)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/archive/1/500653/100/0/threaded | Mailing List | |
| http://www.securitytracker.com/id?1021684 | Vdb Entry | |
| https://bugzilla.redhat.com/show_bug.cgi?id=484246 | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/74790 | 2009-02-09 | |
| https://www.exploit-db.com/exploits/8021 | 2024-08-07 | |
| http://www.securityfocus.com/bid/33604 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html | 2018-10-11 | |
| http://secunia.com/advisories/33731 | 2018-10-11 | |
| http://secunia.com/advisories/34467 | 2018-10-11 | |
| http://security.gentoo.org/glsa/glsa-200903-38.xml | 2018-10-11 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2009:034 | 2018-10-11 | |
| http://www.squid-cache.org/Advisories/SQUID-2009_1.txt | 2018-10-11 | |
| http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch | 2018-10-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 2.7.stable1 Search vendor "Squid" for product "Squid" and version "2.7.stable1" | - |
Affected
| ||||||
| Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 2.7.stable2 Search vendor "Squid" for product "Squid" and version "2.7.stable2" | - |
Affected
| ||||||
| Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 2.7.stable3 Search vendor "Squid" for product "Squid" and version "2.7.stable3" | - |
Affected
| ||||||
| Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 2.7.stable4 Search vendor "Squid" for product "Squid" and version "2.7.stable4" | - |
Affected
| ||||||
| Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 2.7.stable5 Search vendor "Squid" for product "Squid" and version "2.7.stable5" | - |
Affected
| ||||||
| Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.0.stable1 Search vendor "Squid" for product "Squid" and version "3.0.stable1" | - |
Affected
| ||||||
| Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.0.stable2 Search vendor "Squid" for product "Squid" and version "3.0.stable2" | - |
Affected
| ||||||
| Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.0.stable3 Search vendor "Squid" for product "Squid" and version "3.0.stable3" | - |
Affected
| ||||||
| Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.0.stable4 Search vendor "Squid" for product "Squid" and version "3.0.stable4" | - |
Affected
| ||||||
| Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.0.stable5 Search vendor "Squid" for product "Squid" and version "3.0.stable5" | - |
Affected
| ||||||
| Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.0.stable6 Search vendor "Squid" for product "Squid" and version "3.0.stable6" | - |
Affected
| ||||||
| Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.0.stable7 Search vendor "Squid" for product "Squid" and version "3.0.stable7" | - |
Affected
| ||||||
| Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.0.stable8 Search vendor "Squid" for product "Squid" and version "3.0.stable8" | - |
Affected
| ||||||
| Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.0.stable9 Search vendor "Squid" for product "Squid" and version "3.0.stable9" | - |
Affected
| ||||||
| Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.0.stable10 Search vendor "Squid" for product "Squid" and version "3.0.stable10" | - |
Affected
| ||||||
| Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.0.stable11 Search vendor "Squid" for product "Squid" and version "3.0.stable11" | - |
Affected
| ||||||
| Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.0.stable12 Search vendor "Squid" for product "Squid" and version "3.0.stable12" | - |
Affected
| ||||||
| Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.1 Search vendor "Squid" for product "Squid" and version "3.1" | - |
Affected
| ||||||
| Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.1.0.1 Search vendor "Squid" for product "Squid" and version "3.1.0.1" | - |
Affected
| ||||||
| Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.1.0.2 Search vendor "Squid" for product "Squid" and version "3.1.0.2" | - |
Affected
| ||||||
| Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.1.0.3 Search vendor "Squid" for product "Squid" and version "3.1.0.3" | - |
Affected
| ||||||
| Squid Search vendor "Squid" | Squid Search vendor "Squid" for product "Squid" | 3.1.0.4 Search vendor "Squid" for product "Squid" and version "3.1.0.4" | - |
Affected
| ||||||