Lucene search

[email protected]NVD:CVE-2016-2572

HistoryFeb 27, 2016 - 5:59 a.m.

CVE-2016-2572

2016-02-2705:59:06

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.4

Confidence

High

EPSS

0.675

Percentile

98.0%

JSON

http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.

Affected configurations

Nvd

Node

squid-cachesquidMatch4.0.1

squid-cachesquidMatch4.0.2

squid-cachesquidMatch4.0.3

squid-cachesquidMatch4.0.4

squid-cachesquidMatch4.0.5

squid-cachesquidMatch4.0.6

VendorProductVersionCPE
squid-cachesquid4.0.1cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*
squid-cachesquid4.0.2cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*
squid-cachesquid4.0.3cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*
squid-cachesquid4.0.4cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*
squid-cachesquid4.0.5cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*
squid-cachesquid4.0.6cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
squid-cache	squid	4.0.1	cpe:2.3:a:squid-cache:squid:4.0.1:::::::*
squid-cache	squid	4.0.2	cpe:2.3:a:squid-cache:squid:4.0.2:::::::*
squid-cache	squid	4.0.3	cpe:2.3:a:squid-cache:squid:4.0.3:::::::*
squid-cache	squid	4.0.4	cpe:2.3:a:squid-cache:squid:4.0.4:::::::*
squid-cache	squid	4.0.5	cpe:2.3:a:squid-cache:squid:4.0.5:::::::*
squid-cache	squid	4.0.6	cpe:2.3:a:squid-cache:squid:4.0.6:::::::*