32 matches found

Tenable Nessus
added 2026/01/19 12:0 a.m., 2 views

MiracleLinux 7 : squid-3.5.20-15.el7 (AXSA:2020-4563:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-4563:01 advisory. squid: Incorrect pointer handling when processing ESI Responses can lead to denial of service CVE-2018-1000024 squid: Incorrect pointer handling in...

CVSS 7.5, AI score 5.6, EPSS 0.65998
Exploits: 1, References: 4

Tenable Nessus
added 2024/11/15 12:0 a.m., 16 views

Oracle Linux 8 : squid (ELSA-2024-9644)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9644 advisory. - Resolves: RHEL-22593 - CVE-2024-23638 squid:4/squid: vulnerable to a Denial of Service attack against Cache Manager error responses - Resolves:...

CVSS 7.5, AI score 6.8, EPSS 0.12145
Exploits: 1, References: 3

Tenable Nessus
added 2021/02/10 12:0 a.m., 43 views

Squid < 4.11 Multiple Vulnerabilities

According to its self-reported version number, the version of Squid installed on the remote host is 5.x 5.0.2 or prior to 4.11. It is, therefore, affected by multiple vulnerabilities: - Due to incorrect buffer handling Squid is vulnerable to cache poisoning, remote execution, and denial of servic...

CVSS 9.8, AI score 8.8, EPSS 0.28475
Exploits: 0, References: 5

Veracode
added 2020/04/01 12:38 a.m., 33 views

Denial Of Service (DoS)

squid is vulnerable to denial of service. The vulnerability exists due to incorrect pointer handling when processing ESI Responses which allows an attacker to crash the application via malicious input...

CVSS 7.5, AI score 7.2, EPSS 0.09177
Exploits: 0, References: 11, Affected Software: 1

Check Point Advisories
added 2018/05/28 12:0 a.m., 0 views

Squid Proxy ESI Response Processing Denial of Service v2

A denial-of-service vulnerability exists in Squid Proxy. The vulnerability is due to incorrect pointer handling when processing ESI responses...

AI score 2.3
Exploits: 0

RedhatCVE
added 2018/04/19 9:48 a.m., 34 views

CVE-2018-1172

It was found that Squid, when used as a reverse proxy, did not handle ESI responses properly. A malicious web server could use this flaw to crash Squid...

CVSS 5.9, AI score 1, EPSS 0.08729
Exploits: 0, References: 2

Tenable Nessus
added 2018/03/09 12:0 a.m., 35 views

SUSE SLES12 Security Update : squid (SUSE-SU-2018:0636-1)

This update for squid fixes the following issues: Security issues fixed: - CVE-2018-1000024: DoS fix caused by incorrect pointer handling when processing ESI responses. This affects the default custom esiparser bsc1077003. - CVE-2018-1000027: DoS fix caused by incorrect pointer handling when...

CVSS 7.5, AI score 6.6, EPSS 0.65998
Exploits: 0, References: 7

CNVD
added 2018/02/26 12:0 a.m., 1 views

Squid Software Foundation Squid HTTP Caching Proxy Denial of Service Vulnerability

Squid Software Foundation Squid HTTP Caching Proxy is an open source HTTP caching proxy software. A security vulnerability exists in the handling of ESI responses in Squid Software Foundation Squid HTTP Caching Proxy versions 3.0 through 3.5.27 and 4.0 through 4.0.22. An attacker can exploit thi...

CVSS 7.5, AI score 6.8, EPSS 0.09177
Exploits: 0, References: 1

Tenable Nessus
added 2018/02/23 12:0 a.m., 44 views

Debian DSA-4122-1 : squid3 - security update

Several vulnerabilities have been discovered in Squid3, a fully featured web proxy cache. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2018-1000024 Louis Dion-Marcil discovered that Squid does not properly handle processing of certain ESI responses. A...

CVSS 7.5, AI score 6.5, EPSS 0.65998
Exploits: 0, References: 10

OpenVAS
added 2018/02/07 12:0 a.m., 32 views

Squid Proxy Cache Security Update Advisory (SQUID-2018:1) - Linux

Squid is vulnerable to denial of service attack when processing ESI responses. This VT has been deprecated and merged into the VT...

CVSS 7.5, AI score 6.9, EPSS 0.09177
Exploits: 0, References: 1

OpenVAS
added 2018/02/07 12:0 a.m., 43 views

Squid Security Update Advisory (SQUID-2018:1)

Squid is vulnerable to denial of service attack when processing ESI responses...

CVSS 7.5, AI score 7.4, EPSS 0.09177
Exploits: 0, References: 1

OSV
added 2018/01/24 10:37 p.m., 3 views

MGASA-2018-0095 Updated squid packages fix security vulnerabilities

Due to incorrect pointer handling Squid is vulnerable to denial of service attack when processing ESI responses. This problem allows a remote server delivering certain ESI response syntax to trigger a denial of service for all clients accessing the Squid service SQUID-2018:1. Due to incorrect...

AI score 7.1
Exploits: 0, References: 4

Mageia
added 2018/01/24 10:37 p.m., 11 views

Updated squid packages fix security vulnerabilities

Due to incorrect pointer handling Squid is vulnerable to denial of service attack when processing ESI responses. This problem allows a remote server delivering certain ESI response syntax to trigger a denial of service for all clients accessing the Squid service SQUID-2018:1. Due to incorrect...

AI score 2
Exploits: 0, References: 3

Tenable Nessus
added 2016/08/29 12:0 a.m., 26 views

Squid < 3.5.17, 4.0.9 Multiple Vulnerabilities

Binary data 802013.prm...

CVSS 8.8, AI score 6.9, EPSS 0.79915
Exploits: 0, References: 16

Tenable Nessus
added 2016/06/16 12:0 a.m., 34 views

Amazon Linux AMI : squid (ALAS-2016-713)

A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. CVE-2016-4051 Buffer overflow and input validation flaws were found ...

CVSS 8.8, AI score 7.4, EPSS 0.79915
Exploits: 0, References: 7

Amazon
added 2016/06/15 12:0 a.m., 39 views

Medium: squid

Issue Overview: A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. CVE-2016-4051 Buffer overflow and input validation...

CVSS 8.8, AI score 8.6, EPSS 0.79915
Exploits: 0, References: 1

Tenable Nessus
added 2016/06/10 12:0 a.m., 45 views

Ubuntu 14.04 LTS / 16.04 LTS : Squid vulnerabilities (USN-2995-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2995-1 advisory. Yuriy M. Kaminskiy discovered that the Squid pinger utility incorrectly handled certain ICMPv6 packets. A remote attacker could use this issu...

CVSS 8.8, AI score 7.1, EPSS 0.82841
Exploits: 1, References: 10

RedHat Linux
added 2016/05/31 5:56 a.m., 1 views

squid: SIGSEGV in ESIContext response handling

An incorrect reference counting flaw was found in the way Squid processes ESI responses. If Squid is configured as reverse-proxy, for TLS/HTTPS interception, an attacker controlling a server accessed by Squid, could crash the squid worker, causing a Denial of Service attack...

CVSS 7.5, AI score 7.3, EPSS 0.56857
Exploits: 0, References: 5

RedHat Linux
added 2016/05/31 5:42 a.m., 2 views

squid: SIGSEGV in ESIContext response handling

An incorrect reference counting flaw was found in the way Squid processes ESI responses. If Squid is configured as reverse-proxy, for TLS/HTTPS interception, an attacker controlling a server accessed by Squid, could crash the squid worker, causing a Denial of Service attack...

CVSS 7.5, AI score 7.3, EPSS 0.56857
Exploits: 0, References: 5

Tenable Nessus
added 2016/05/17 12:0 a.m., 43 views

Squid 3.x < 3.5.17 / 4.x < 4.0.9 Esi.cc Multiple Vulnerabilities

According to its banner, the version of Squid running on the remote host is 3.x prior to 3.5.17 or 4.x prior to 4.0.9. It is, therefore, affected by multiple vulnerabilities : - An assertion fault exists in file esi/Esi.cc that is triggered when handling ESI responses. An unauthenticated, remote...

CVSS 8.1, AI score 7.2, EPSS 0.79915
Exploits: 0, References: 5