Description
The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a "," character in an Accept-Language header.
Remediation
References
Related Vulnerabilities
WordPress Other Vulnerability (CVE-2007-3544)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-8656)
WordPress Plugin FireStorm Professional Real Estate Multiple SQL Injection Vulnerabilities (2.05.01)
WordPress Plugin Kama Click Counter Cross-Site Scripting (3.4.9)
WordPress 4.1.x Cross-Domain Flash Injection Vulnerability (4.1 - 4.1.21)