Description

The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a "," character in an Accept-Language header.

Remediation

References

CVE-2013-1839

Related Vulnerabilities

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2401)

Microsoft IIS5 NTLM and Basic authentication bypass

PHP CVE-2024-2757 Vulnerability (CVE-2024-2757)

Moodle CVE-2024-48900 Vulnerability (CVE-2024-48900)

WordPress Plugin Category Specific RSS feed Subscription Cross-Site Request Forgery (2.0)

Severity

High

Classification

CVE-2013-1839 CWE-20

Tags

Missing Update Known Vulnerabilities