Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessus(C) 2007-2020 Shu-Ting Ou <[email protected]>SQUID_CDOS.NASL
HistoryMar 20, 2007 - 12:00 a.m.

Squid < 2.6.STABLE7 Multiple Remote DoS

2007-03-2000:00:00
(C) 2007-2020 Shu-Ting Ou <[email protected]>
www.tenable.com
7
JSON

Two vulnerabilities have been reported in Squid, which can be exploited by malicious people to cause a denial of service.

# Changes by Tenable:
#   - added script_name, revised description, added script dependency
#   - added code to only run if report paranoia is "Paranoid".
#   - fixed regex, added report function.
#   - updated title (6/25/09)
#   - changed plugin family (7/6/09)
#   - Updated to use compat.inc (11/20/2009)

include("compat.inc");

if (description)
{
  script_id(24870);
  script_version("1.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");

  script_cve_id("CVE-2007-0247", "CVE-2007-0248");
  script_bugtraq_id(22079, 22203);

  script_name(english:"Squid < 2.6.STABLE7 Multiple Remote DoS");
  script_summary(english:"Determines squid version");

  script_set_attribute(attribute:"synopsis", value:
"The remote proxy server is affected by multiple denial of service
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"Two vulnerabilities have been reported in Squid, which can be
exploited by malicious people to cause a denial of service.");
  # http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?69b56cc5");
  script_set_attribute(attribute:"solution", value:"Upgrade to squid 2.6.STABLE7 or newer.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(399);

  script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/03/20");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:squid-cache:squid");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"(C) 2007-2020 Shu-Ting Ou <[email protected]>");
  script_family(english:"Firewalls");

  script_dependencies("proxy_use.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports("Services/http_proxy",3128, 8080);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("http_func.inc");
include("http_keepalive.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

port = get_kb_item("Services/http_proxy");
if(!port)port = 3128;
if(!get_port_state(port))port = 8080;

if(get_port_state(port))
{
 res = http_get_cache_ka(item:"/", port:port);
 if(res && egrep(pattern:"[Ss]quid/2\.([0-5]\.|6\.STABLE[0-6][^0-9])", string:res))
   security_warning(port);
}
VendorProductVersionCPE
squid-cachesquidcpe:/a:squid-cache:squid

Related

openvas 11
nessus 8
suse 1
ubuntu 1
securityvulns 1
gentoo 1
ubuntucve 2
prion 2
cve 2
debiancve 2
checkpoint_advisories 1
redhatcve 1
fedora 1
openvas
openvas
SLES9: Security update for squid
2009-10-10 00:00:00
Mandriva Update for squid MDKSA-2007:026 (squid)
2009-04-09 00:00:00
Gentoo Security Advisory GLSA 200701-22 (squid)
2008-09-24 00:00:00
nessus
nessus
GLSA-200701-22 : Squid: Multiple Denial of Service vulnerabilities
2007-01-26 00:00:00
Ubuntu 6.06 LTS / 6.10 : squid vulnerabilities (USN-414-1)
2007-11-10 00:00:00
SuSE 10 Security Update : squid (ZYPP Patch Number 2502)
2007-12-13 00:00:00
suse
suse
remote denial of service in squid
2007-01-23 12:13:41
ubuntu
ubuntu
Squid vulnerabilities
2007-01-25 00:00:00
securityvulns
securityvulns
Multiple Squid cache proxy security vulnerability
2007-01-17 00:00:00
gentoo
gentoo
Squid: Multiple Denial of Service vulnerabilities
2007-01-25 00:00:00
ubuntucve
ubuntucve
CVE-2007-0248
2007-01-16 00:00:00
CVE-2007-0247
2007-01-16 00:00:00
prion
prion
Design/Logic Flaw
2007-01-16 18:28:00
Design/Logic Flaw
2007-01-16 18:28:00
cve
cve
CVE-2007-0248
2007-01-16 18:28:00
CVE-2007-0247
2007-01-16 18:28:00
debiancve
debiancve
CVE-2007-0248
2007-01-16 18:28:00
CVE-2007-0247
2007-01-16 18:28:00
checkpoint_advisories
checkpoint_advisories
Squid Proxy FTP URI Processing Denial of Service (CVE-2007-0247)
2009-11-25 00:00:00
redhatcve
redhatcve
CVE-2007-0248
2015-10-30 10:08:06
fedora
fedora
[SECURITY] Fedora Core 5 Update: squid-2.5.STABLE14-3.FC5
2007-01-17 16:32:06
JSON
Related for SQUID_CDOS.NASL
openvas11nessus8suse1ubuntu1securityvulns1gentoo1ubuntucve2prion2cve2debiancve2checkpoint_advisories1redhatcve1fedora1