PRIOn knowledge basePRION:CVE-2009-2855

HistoryAug 18, 2009 - 9:00 p.m.

Code injection

2009-08-1821:00:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.965 High

EPSS

Percentile

99.6%

JSON

The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.

CPENameOperatorVersion
squideq2.7 stable3
squideq2.7 stable4
squideq2.7

Name	Operator	Version
squid	eq	2.7 stable3
squid	eq	2.7 stable4
squid	eq	2.7

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982

bugs.debian.org/cgi-bin/bugreport.cgi?msg=31;filename=diff;att=1;bug=534982

www.openwall.com/lists/oss-security/2009/07/20/10

www.openwall.com/lists/oss-security/2009/08/03/3

www.openwall.com/lists/oss-security/2009/08/04/6

www.securityfocus.com/bid/36091

www.securitytracker.com/id?1022757

www.squid-cache.org/bugs/show_bug.cgi?id=2541

www.squid-cache.org/bugs/show_bug.cgi?id=2704

bugzilla.redhat.com/show_bug.cgi?id=518182

exchange.xforce.ibmcloud.com/vulnerabilities/52610

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10592

6.3 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.965 High

EPSS

Percentile

99.6%

JSON

Related for PRION:CVE-2009-2855