Squid HTCP Packets Processing Denial Of Service Vulnerability Network Vulnerability

Summary

This host is running Squid and is prone to Denial of Service vulnerability.

Impact

Successful exploitation could allow remote attackers to crash an affected server, creating a denial of service condition.

Solution

Apply patches or upgrade to the squid version 3.0.STABLE24 http://www.squid-cache.org/Download/ http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch ***** NOTE : Ignore this warning, if above mentioned patch is already applied. *****

Insight

The flaw is due to error in 'htcpHandleTstRequest()' function in 'htcp.c', when processing malformed HTCP (Hypertext Caching Protocol) packets.

Affected

Squid Version 2.x, and 3.0 to 3.0.STABLE23

References

http://securitytracker.com/alerts/2010/Feb/1023587.html
http://www.squid-cache.org/Advisories/SQUID-2010_2.txt
http://www.vupen.com/english/advisories/2010/0371

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0639
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

FreeSWITCH 'switch_regex.c' Multiple Buffer Overflow Vulnerabilities
Apple Safari URI NULL Pointer Dereference DoS Vulnerability (Win)
Comodo Internet Security Denial of Service Vulnerability-04
CUPS '_cupsImageReadTIFF()' Integer Overflow Vulnerability
Comodo Internet Security Denial of Service Vulnerability-03

Squid HTCP Packets Processing Denial of Service Vulnerability

Take action and discover your vulnerabilities