183 matches found
GLSA-200606-05 : Pound: HTTP request smuggling
The remote host is affected by the vulnerability described in GLSA-200606-05 (Pound: HTTP request smuggling). Pound fails to handle HTTP requests with conflicting 'Content-Length' and 'Transfer-Encoding' headers correctly. Impact: An attacker could exploit this vulnerability by sending HTTP request...
CVE-2004-2654
Squid Web Proxy Cache is affected by CVE-2004-2654. The vulnerability resides in clientAbortBody() in client_side.c and can trigger a null-dereference, allowing remote denial of service. Affected version line: before 2.6 STABLE6. The issue is not the buffer overflow claim; vendor reports indicate...
CVE-2004-2654
The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer...
DSA-809-3 squid - assertion error
Bulletin has no description...
security flaw
Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensitive information via URLs containing invalid hostnames that cause DNS operations to fail, which results in references to previously used error messages...
CVE-2004-2480
CVE-2004-2480 affects Squid Web Proxy Cache 2.3.STABLE5. The vulnerability allows remote attackers to bypass security controls and access arbitrary websites via "@@" sequences in a URL processed by Internet Explorer. The provided materials do not specify root cause details, affected versions beyo...
CVE-2004-2479
The CVE-2004-2479 issue affects Squid Web Proxy Cache (2.5 era) where a remote attacker can cause DNS operations to fail by submitting URLs with invalid hostnames, leading Squid to reference previously used error messages. Connected advisories confirm this vulnerability and describe updates to Sq...
security flaw
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Lengt...
[SECURITY] [DSA 751-1] New squid packages fix IP spoofing vulnerability
Debian Security Advisory DSA 751-1 [email protected] http://www.debian.org/security/ Martin Schulze July 11th, 2005 http://www.debian.org/security/faq ...
squid security update
CentOS Errata and Security Advisory CESA-2005:415 An updated squid package that fixes several security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. Squid is a full-featured Web proxy cache. A race condition bug was found ...
Debian DSA-651-1 : squid - buffer overflow, integer overflow
Several vulnerabilities have been discovered in Squid, the internet object cache, the popular WWW proxy cache. The Common Vulnerabilities and Exposures Project identifies the following vulnerabilities : - CAN-2005-0094 'infamous41md' discovered a buffer overflow in the parser for Gopher responses...
CVE-2004-0918
CVE-2004-0918: Squid’s SNMP parser (asn_parse_header in asn1.c) before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) by sending SNMP packets with negative length fields that trigger a memory allocation error. The issue yields a partial availability impact and i...
CVE-2004-0918
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error...
[Full-Disclosure] iDEFENSE Security Advisory 10.11.04: Squid Web Proxy Cache Remote Denial of Service Vulnerability
Squid Web Proxy Cache Remote Denial of Service Vulnerability iDEFENSE Security Advisory 10.11.04: www.idefense.com/application/poi/display?id=152&type=vulnerabilities October 11, 2004 I. BACKGROUND Squid Web Proxy Cache is a full-featured web proxy cache designed to run on Unix systems. It suppor...
[ GLSA 200409-04 ] Squid: Denial of service when using NTLM authentication
Gentoo Linux Security Advisory GLSA 200409-04 http://security.gentoo.org/ ...
CVE-2004-0541
Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable)...