Japan Vulnerability NotesJVN:64455813JVN#64455813: Squid input validation vulnerability
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
65.1%
Squid is a caching proxy server. Squid contains a vulnerability where server responses that contain invalid values in the Content-Length of the HTTP header are sent to the client.
Impact
If a HTTP response with a specially crafted header is processed, it may result in a HTTP response splitting attack.
Solution
Apply an Update
Apply the appropriate update for the version of the software being used.
Products Affected
- Squid versions prior to 3.1.1-STABLE
According to the developer, this vulnerability was addressed in 3.1.0.10-beta and that all stable Squid versions 3.1.x and later are not affected by this vulnerability.
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
65.1%