Description

http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.

Remediation

References

CVE-2016-2571

Related Vulnerabilities

WordPress Plugin JobSearch WP Job Board Cross-Site Scripting (1.5.1)

WordPress Plugin FancyBox for WordPress Security Bypass (3.0.2)

Payara Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-37422)

Drupal Other Vulnerability (CVE-2015-3232)

WordPress Plugin Default Thumbnail Plus Arbitrary File Upload (1.0.2.3)

Severity

High

Classification

CVE-2016-2571 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities