Description

The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.

Remediation

References

CVE-2009-2855

Related Vulnerabilities

WordPress Plugin White Label CMS PHP Object Injection (2.4)

Magento CVE-2019-7904 Vulnerability (CVE-2019-7904)

Ruby on Rails URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-44528)

ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-22872)

Drupal Core 4.7.x Cross-Site Request Forgery (4.7.0 - 4.7.3)

Severity

Medium

Classification

CVE-2009-2855 CWE-20

Tags

Missing Update Known Vulnerabilities