Lucene search
HistorySep 30, 2013 - 10:55 p.m.
CVE-2013-1839
CVSS2
7.8
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
AI Score
6.4
Confidence
High
EPSS
0.902
Percentile
98.8%
The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a “,” character in an Accept-Language header.
Affected configurations
Node
squid-cachesquidMatch3.2.0.1
ORsquid-cachesquidMatch3.2.0.2
ORsquid-cachesquidMatch3.2.0.3
ORsquid-cachesquidMatch3.2.0.4
ORsquid-cachesquidMatch3.2.0.5
ORsquid-cachesquidMatch3.2.0.6
ORsquid-cachesquidMatch3.2.0.7
ORsquid-cachesquidMatch3.2.0.8
ORsquid-cachesquidMatch3.2.0.9
ORsquid-cachesquidMatch3.2.0.10
ORsquid-cachesquidMatch3.2.0.11
ORsquid-cachesquidMatch3.2.0.12
ORsquid-cachesquidMatch3.2.0.13
ORsquid-cachesquidMatch3.2.0.14
ORsquid-cachesquidMatch3.2.0.15
ORsquid-cachesquidMatch3.2.0.16
ORsquid-cachesquidMatch3.2.0.17
ORsquid-cachesquidMatch3.2.0.18
ORsquid-cachesquidMatch3.2.0.19
ORsquid-cachesquidMatch3.2.1
ORsquid-cachesquidMatch3.2.2
ORsquid-cachesquidMatch3.2.3
ORsquid-cachesquidMatch3.2.4
ORsquid-cachesquidMatch3.2.5
ORsquid-cachesquidMatch3.2.6
ORsquid-cachesquidMatch3.2.7
ORsquid-cachesquidMatch3.2.8
ORsquid-cachesquidMatch3.3.0
ORsquid-cachesquidMatch3.3.0.2
ORsquid-cachesquidMatch3.3.0.3
ORsquid-cachesquidMatch3.3.1
ORsquid-cachesquidMatch3.3.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| squid-cache | squid | 3.2.0.1 | cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:* |
| squid-cache | squid | 3.2.0.2 | cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:* |
| squid-cache | squid | 3.2.0.3 | cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:* |
| squid-cache | squid | 3.2.0.4 | cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:* |
| squid-cache | squid | 3.2.0.5 | cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:* |
| squid-cache | squid | 3.2.0.6 | cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:* |
| squid-cache | squid | 3.2.0.7 | cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:* |
| squid-cache | squid | 3.2.0.8 | cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:* |
| squid-cache | squid | 3.2.0.9 | cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:* |
| squid-cache | squid | 3.2.0.10 | cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:* |
Related
checkpoint_advisories
checkpoint_advisories
Squid Proxy strHdrAcptLangGetItem Value Denial of Service (CVE-2013-1839)
2013-06-30 00:00:00
ubuntucve
ubuntucve
CVE-2013-1839
2013-09-30 00:00:00
debiancve
debiancve
CVE-2013-1839
2013-09-30 22:55:00
prion
prion
Design/Logic Flaw
2013-09-30 22:55:00
nessus
nessus
Fedora 18 : squid-3.2.9-1.fc18 (2013-4050)
2013-04-07 00:00:00
Fedora 17 : squid-3.2.9-1.fc17 (2013-4063)
2013-04-07 00:00:00
cve
cve
CVE-2013-1839
2013-09-30 22:55:04
cvelist
cvelist
CVE-2013-1839
2013-09-30 20:00:00
securityvulns
securityvulns
Squid security vulnerabilities
2013-03-10 00:00:00
openvas
openvas
Squid Accept-Language Header DoS Vulnerability (SQUID-2013:1)
2013-10-03 00:00:00
Fedora Update for squid FEDORA-2013-4050
2013-04-08 00:00:00
Fedora Update for squid FEDORA-2013-4050
2013-04-08 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: squid-3.2.9-1.fc18
2013-04-05 23:09:37
[SECURITY] Fedora 17 Update: squid-3.2.9-1.fc17
2013-04-05 23:00:38
[SECURITY] Fedora 18 Update: squid-3.2.13-1.fc18
2013-08-02 21:53:16
gentoo
gentoo
Squid: Multiple vulnerabilities
2013-09-27 00:00:00
CVSS2
7.8
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
AI Score
6.4
Confidence
High
EPSS
0.902
Percentile
98.8%
Related for NVD:CVE-2013-1839