nessus Tenable 9775.PRM
History: Nov 11, 2016 - 12:00 a.m.

Squid 3.5.x < 3.5.17 Multiple Vulnerabilities

2016-11-11 00:00:00
Tenable
www.tenable.com
6

Versions of Squid 3.5.x prior to 3.5.17 are affected by multiple vulnerabilities:

  • A flaw in ‘esi/Esi.cc’ is triggered as input is not properly validated when handling ESI responses. This may allow a remote attacker to disclose the server stack layout.
  • An overflow condition in ‘esi/Esi.cc’ is triggered as user-supplied input is not properly validated when handling ESI responses. This may allow a remote attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.
  • An assertion flaw in ‘esi/Esi.cc’ is triggered as input is not properly validated when handling ESI responses. This may allow a remote attacker to terminate the service.
  • An overflow condition is triggered as user-supplied input is not properly validated when processing the length of content lines in reports by the ‘cachemgr.cgi’ tool. This may allow a remote attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.
Vendor | Product | Version | CPE
squid-cache | squid | | cpe:/a:squid-cache:squid