182 matches found
CVE-2004-2654
The clientAbortBody function in clientside.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service segmentation fault via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer...
CVE-2004-2654
Squid Web Proxy Cache is affected by CVE-2004-2654. The vulnerability resides in clientAbortBody() in client_side.c and can trigger a null-dereference, allowing remote denial of service. Affected version line: before 2.6 STABLE6. The issue is not the buffer overflow claim; vendor reports indicate...
DSA-809-3 squid - assertion error
Bulletin has no description...
security flaw
Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensitive information via URLs containing invalid hostnames that cause DNS operations to fail, which results in references to previously used error messages...
CVE-2004-2480
CVE-2004-2480 affects Squid Web Proxy Cache 2.3.STABLE5. The vulnerability allows remote attackers to bypass security controls and access arbitrary websites via "@@" sequences in a URL processed by Internet Explorer. The provided materials do not specify root cause details, affected versions beyo...
CVE-2004-2479
The CVE-2004-2479 issue affects Squid Web Proxy Cache (2.5 era) where a remote attacker can cause DNS operations to fail by submitting URLs with invalid hostnames, leading Squid to reference previously used error messages. Connected advisories confirm this vulnerability and describe updates to Sq...
security flaw
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Lengt...
[SECURITY] [DSA 751-1] New squid packages fix IP spoofing vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 751-1 [email protected] http://www.debian.org/security/ Martin Schulze July 11th, 2005 http://www.debian.org/security/faq -...
[SECURITY] [DSA 751-1] New squid packages fix IP spoofing vulnerability
-------------------------------------------------------------------------- Debian Security Advisory DSA 751-1 [email protected] http://www.debian.org/security/ Martin Schulze July 11th, 2005 http://www.debian.org/security/faq -...
[SECURITY] [DSA 751-1] New squid packages fix IP spoofing vulnerability
-------------------------------------------------------------------------- Debian Security Advisory DSA 751-1 [email protected] http://www.debian.org/security/ Martin Schulze July 11th, 2005 http://www.debian.org/security/faq -...
squid security update
CentOS Errata and Security Advisory CESA-2005:415 An updated squid package that fixes several security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. Squid is a full-featured Web proxy cache. A race condition bug was found ...
Debian DSA-651-1 : squid - buffer overflow, integer overflow
Several vulnerabilities have been discovered in Squid, the internet object cache, the popular WWW proxy cache. The Common Vulnerabilities and Exposures Project identifies the following vulnerabilities : - CAN-2005-0094 'infamous41md' discovered a buffer overflow in the parser for Gopher responses...
CVE-2004-2654
The clientAbortBody function in clientside.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service segmentation fault via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer...
CVE-2004-2654
The clientAbortBody function in clientside.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service segmentation fault via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer...
CVE-2004-0918
CVE-2004-0918: Squid’s SNMP parser (asn_parse_header in asn1.c) before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) by sending SNMP packets with negative length fields that trigger a memory allocation error. The issue yields a partial availability impact and i...
CVE-2004-0918
The asnparseheader function asn1.c in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service server restart via certain SNMP packets with negative length fields that trigger a memory allocation error...
[Full-Disclosure] iDEFENSE Security Advisory 10.11.04: Squid Web Proxy Cache Remote Denial of Service Vulnerability
Squid Web Proxy Cache Remote Denial of Service Vulnerability iDEFENSE Security Advisory 10.11.04: www.idefense.com/application/poi/display?id=152&type=vulnerabilities October 11, 2004 I. BACKGROUND Squid Web Proxy Cache is a full-featured web proxy cache designed to run on Unix systems. It suppor...
[ GLSA 200409-04 ] Squid: Denial of service when using NTLM authentication
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200409-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - -...
CVE-2004-0541
Buffer overflow in the ntlmcheckauth NTLM authentication function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password "pass" variable...
CVE-2004-0541
CVE-2004-0541 affects Squid Web Proxy Cache (2.5.x and 3.x when built with NTLM handlers). The issue is a buffer overflow in the NTLM authenticate path, specifically in ntlm_check_auth, where a long password can overflow the local buffer and enable remote code execution. Public references show ex...