Lucene search

[email protected]NVD:CVE-2014-0128

HistoryApr 14, 2014 - 3:09 p.m.

CVE-2014-0128

2014-04-1415:09:05

CWE-20

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

Low

0.156 Low

EPSS

Percentile

96.0%

JSON

Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.

Affected configurations

NVD

Node

squid-cachesquidMatch3.1

squid-cachesquidMatch3.1.0.1

squid-cachesquidMatch3.1.0.2

squid-cachesquidMatch3.1.0.3

squid-cachesquidMatch3.1.0.4

squid-cachesquidMatch3.1.0.5

squid-cachesquidMatch3.1.0.6

squid-cachesquidMatch3.1.0.7

squid-cachesquidMatch3.1.0.8

squid-cachesquidMatch3.1.0.9

squid-cachesquidMatch3.1.0.10

squid-cachesquidMatch3.1.0.11

squid-cachesquidMatch3.1.0.12

squid-cachesquidMatch3.1.0.13

squid-cachesquidMatch3.1.0.14

squid-cachesquidMatch3.1.0.15

squid-cachesquidMatch3.1.0.16

squid-cachesquidMatch3.1.0.17

squid-cachesquidMatch3.1.0.18

squid-cachesquidMatch3.1.1

squid-cachesquidMatch3.1.2

squid-cachesquidMatch3.1.3

squid-cachesquidMatch3.1.4

squid-cachesquidMatch3.1.5

squid-cachesquidMatch3.1.5.1

squid-cachesquidMatch3.1.6

squid-cachesquidMatch3.1.7

squid-cachesquidMatch3.1.8

squid-cachesquidMatch3.1.9

squid-cachesquidMatch3.1.10

squid-cachesquidMatch3.1.11

squid-cachesquidMatch3.1.12

squid-cachesquidMatch3.1.13

squid-cachesquidMatch3.1.14

squid-cachesquidMatch3.1.15

squid-cachesquidMatch3.2.0.1

squid-cachesquidMatch3.2.0.2

squid-cachesquidMatch3.2.0.3

squid-cachesquidMatch3.2.0.4

squid-cachesquidMatch3.2.0.5

squid-cachesquidMatch3.2.0.6

squid-cachesquidMatch3.2.0.7

squid-cachesquidMatch3.2.0.8

squid-cachesquidMatch3.2.0.9

squid-cachesquidMatch3.2.0.10

squid-cachesquidMatch3.2.0.11

squid-cachesquidMatch3.2.0.12

squid-cachesquidMatch3.2.0.13

squid-cachesquidMatch3.2.0.14

squid-cachesquidMatch3.2.0.15

squid-cachesquidMatch3.2.0.16

squid-cachesquidMatch3.2.0.17

squid-cachesquidMatch3.2.0.18

squid-cachesquidMatch3.2.0.19

squid-cachesquidMatch3.2.1

squid-cachesquidMatch3.2.2

squid-cachesquidMatch3.2.3

squid-cachesquidMatch3.2.4

squid-cachesquidMatch3.2.5

squid-cachesquidMatch3.2.6

squid-cachesquidMatch3.2.7

squid-cachesquidMatch3.2.8

squid-cachesquidMatch3.2.9

squid-cachesquidMatch3.2.10

squid-cachesquidMatch3.2.11

squid-cachesquidMatch3.2.12

squid-cachesquidMatch3.3.0

squid-cachesquidMatch3.3.0.2

squid-cachesquidMatch3.3.0.3

squid-cachesquidMatch3.3.1

squid-cachesquidMatch3.3.2

squid-cachesquidMatch3.3.3

squid-cachesquidMatch3.3.4

squid-cachesquidMatch3.3.5

squid-cachesquidMatch3.3.6

squid-cachesquidMatch3.3.7

squid-cachesquidMatch3.3.8

squid-cachesquidMatch3.3.9

squid-cachesquidMatch3.3.10

squid-cachesquidMatch3.3.11

squid-cachesquidMatch3.4.0.1

squid-cachesquidMatch3.4.0.2

squid-cachesquidMatch3.4.0.3

squid-cachesquidMatch3.4.1

squid-cachesquidMatch3.4.2

squid-cachesquidMatch3.4.3

Node

opensuseopensuseMatch11.4

References

lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html

lists.opensuse.org/opensuse-updates/2014-04/msg00030.html

lists.opensuse.org/opensuse-updates/2014-04/msg00060.html

secunia.com/advisories/57288

secunia.com/advisories/57889

www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

www.securityfocus.com/bid/66112

www.squid-cache.org/Advisories/SQUID-2014_1.txt

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

Low

0.156 Low

EPSS

Percentile

96.0%

JSON

Related for NVD:CVE-2014-0128

nessus16 openvas16 debiancve1 prion1 cvelist1 cve1 oraclelinux1 centos1 seebug1 ubuntucve1 securityvulns2 redhat1 amazon2 fedora2 mageia2 veracode1 gentoo1 suse2