Description

Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.

Remediation

References

CVE-2016-2569

Related Vulnerabilities

WebLogic CVE-2020-2549 Vulnerability (CVE-2020-2549)

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5508)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-10704)

WordPress Plugin Smush Image Compression and Optimization Multiple Vulnerabilities (2.9.1)

Oracle Database Server CVE-2015-4888 Vulnerability (CVE-2015-4888)

Severity

High

Classification

CVE-2016-2569 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities