Squid External Auth Header Parser DOS Vulnerabilities Network Vulnerability

Summary

This host is running Squid and is prone to Denial Of Service vulnerabilities.

Impact

Successful exploitation could allow remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.

Solution

Upgrade to Squid Version 3.1.4 or later, For further updates refer, http://www.squid-cache.org/Download/

Insight

The flaw is due to error in 'strListGetItem()' function within 'src/HttpHeaderTools.c'.

Affected

Squid Version 2.7.X

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982
http://www.openwall.com/lists/oss-security/2009/08/03/3

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-2855
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Denial Of Service Vulnerability in PHP April-09
ClamAV Recursion Level Handling Denial of Service Vulnerability (Windows)
Apple Safari JavaScript 'Reload()' DoS Vulnerability - July09
F-Secure Policy Manager Server fsmsh.dll module DoS
Comodo Internet Security Denial of Service Vulnerability-03

Take action and discover your vulnerabilities