Squid Proxy mkdir-only PUT Request DoS

2001-09-21T00:00:00
ID OSVDB:639
Type osvdb
Reporter OSVDB
Modified 2001-09-21T00:00:00

Description

Vulnerability Description

This host is running the Squid Proxy server, which is vulnerable to a denial of service attack. An attacker can use this to create a denial of service condition that prevents users from accessing the web.

Technical Description

The check connects to the Squid Proxy port (default: 8080 or 3128) and retrieves any web banner. It then looks for version information matching Squid 2.3 (STABLE2, STABLE3, STABLE4, STABLE5) or 2.4 (STABLE1, PRE-STABLE2, PRE-STABLE, DEVEL4, DEVEL2).
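The banner match described above can be reproduced offline against responses already captured from a proxy. The following is an added example, not OSVDB's or the vendor's own check: the function names and sample responses are constructed for illustration, and the affected list is copied from this entry. A missing banner is reported separately because it says nothing about whether the host is patched.

```python
import re

# Affected releases exactly as listed in this entry's Technical Description.
AFFECTED = {
    "2.3": {"STABLE2", "STABLE3", "STABLE4", "STABLE5"},
    "2.4": {"STABLE1", "PRE-STABLE2", "PRE-STABLE", "DEVEL4", "DEVEL2"},
}

# Squid reports itself as "Squid/<branch>.<release>" in Server and Via headers.
BANNER_RE = re.compile(r"squid/(\d+\.\d+)\.([A-Za-z][A-Za-z0-9-]*)", re.IGNORECASE)


def squid_versions(raw_response):
    """Return every (branch, release) pair found in Server or Via headers."""
    head = re.split(r"\r?\n\r?\n", raw_response, maxsplit=1)[0]
    found = []
    for line in head.splitlines()[1:]:          # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() in ("server", "via"):
            for branch, release in BANNER_RE.findall(value):
                found.append((branch, release.upper()))
    return found


def classify(raw_response):
    """'affected', 'not-listed', or 'no-banner' (banner hidden or not Squid)."""
    versions = squid_versions(raw_response)
    if not versions:
        return "no-banner"
    if any(rel in AFFECTED.get(branch, ()) for branch, rel in versions):
        return "affected"
    return "not-listed"


# Constructed sample responses (not captured from real hosts).
SAMPLES = {
    "direct": "HTTP/1.0 400 Bad Request\r\nServer: Squid/2.3.STABLE4\r\n\r\n",
    "via": "HTTP/1.0 200 OK\r\nServer: Apache\r\n"
           "Via: 1.0 cache.example.test:3128 (Squid/2.4.STABLE2)\r\n\r\n",
    "hidden": "HTTP/1.0 200 OK\r\nServer: Apache\r\n\r\n<html>Squid/2.3.STABLE4</html>",
}

if __name__ == "__main__":
    for label, response in SAMPLES.items():
        print(label, classify(response))
```

A result of `affected` reflects only the advertised version string, so confirm the installed package before treating the host as vulnerable or as fixed.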

Solution Description

The vendor has released a patch that fixes this issue. Please upgrade to the latest version of Squid Proxy Server available from http://www.squid-cache.org/.

References:

Vendor Specific Advisory URL
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-09/0181.html
ISS X-Force ID: 7157
CVE-2001-0843
Bugtraq ID: 3354