Medium: squid

🗓️ 25 Sep 2023 00:00:00Reported by AmazonType

amazon

amazon🔗 alas.aws.amazon.com👁 1 Views

Multiple DoS and disclosure in Squid before 4.15 and 5.0.6 Web Cache Protocol, urn parser, and range requests.

Reporter	Title	Published	Views	Family All 366
ATTACKERKB	CVE-2021-28662	27 May 202112:15	–	attackerkb
ATTACKERKB	CVE-2021-28652	27 May 202112:15	–	attackerkb
ATTACKERKB	CVE-2021-28651	27 May 202112:15	–	attackerkb
Tenable Nessus	Amazon Linux 2 : squid (ALAS-2023-1950)	22 Feb 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : squid (ALAS-2023-2318)	26 Oct 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : squid (ALASSQUID4-2023-004)	27 Sep 202300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : squid (ALAS-2023-1687)	23 Feb 202300:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0132: squid:4 (ALINUX3-SA-2022:0132)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : squid:4 (ALSA-2022:1939)	12 May 202200:00	–	nessus
Tenable Nessus	CentOS 8 : squid:4 (CESA-2021:4292)	11 Nov 202100:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	2	aarch64	squid	4.15-1.amzn2.0.1	squid-4.15-1.amzn2.0.1.aarch64.rpm
Amazon Linux	2	i686	squid	4.15-1.amzn2.0.1	squid-4.15-1.amzn2.0.1.i686.rpm
Amazon Linux	2	x86_64	squid	4.15-1.amzn2.0.1	squid-4.15-1.amzn2.0.1.x86_64.rpm
Amazon Linux	2	aarch64	squid-debuginfo	4.15-1.amzn2.0.1	squid-debuginfo-4.15-1.amzn2.0.1.aarch64.rpm
Amazon Linux	2	i686	squid-debuginfo	4.15-1.amzn2.0.1	squid-debuginfo-4.15-1.amzn2.0.1.i686.rpm
Amazon Linux	2	x86_64	squid-debuginfo	4.15-1.amzn2.0.1	squid-debuginfo-4.15-1.amzn2.0.1.x86_64.rpm

25 Sep 2023 00:00Current

8High risk

Vulners AI Score8

CVSS 25

CVSS 3.16.5 - 7.5

EPSS0.85178

Web Cache Protocol Urn Parser Cache Manager Range Requests Memory Leak Remote Code Execution Denial of Service Information Disclosure