Lucene search

K
redhatcveRedhat.comRH:CVE-2021-28652
HistoryMay 19, 2021 - 3:54 p.m.

CVE-2021-28652

2021-05-1915:54:31
redhat.com
access.redhat.com
42
squid
parser validation bug
cache manager api
memory leaks
denial of service
system availability
mitigation
hardened access privileges
authentication
access controls
http_access directive
ip address restriction
disabled cache manager access
squid.conf

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

EPSS

0.004

Percentile

72.9%

A flaw was found in Squid. A parser validation bug could allow a trusted client with Cache Manager API access privileges to trigger memory leaks, potentially resulting in a denial of service against Squid. The highest threat from this vulnerability is to system availability.

Mitigation

To mitigate this flaw Cache Manager access privileges can be hardened, for example by requiring authentication or other access controls in the "http_access" directive beyond the default IP address restriction. Alternatively, Cache Manager access can be disabled entirely if not needed. To do so, place the following line in squid.conf before lines containing "allow" :

http_access deny manager  

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

EPSS

0.004

Percentile

72.9%