50 matches found
squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling
A Information Disclosure vulnerability has been identified in the Squid web caching proxy. This flaw occurs when the application fails to properly redact sensitive Hypertext Transfer Protocol HTTP authentication credentials from an error response. A remote client can exploit this by triggering an...
EUVD-2004-2470
Malware in sbrugna...
EUVD-2004-2644
Malware in sbrugna...
EUVD-2004-2471
Malware in sbrugna...
EUVD-2025-31363
Malicious code in bioql PyPI...
DEBIAN-CVE-2024-25111
Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunke...
USN-5104-1: Squid vulnerability
Lyu discovered that Squid incorrectly handled WCCP protocol data. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly obtain sensitive information...
ALPINE-CVE-2021-28662
An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic...
Sarg: Local privilege escalation
Background Sarg Squid Analysis Report Generator is a tool that provides many informations about the Squid web proxy server users activities: time, sites, traffic, etc. Description A flaw in Sarg’s handling of temporary directories was discovered. Impact A local attacker may be able to escalate...
CVE-2004-2654
The clientAbortBody function in clientside.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service segmentation fault via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer...
National Science Foundation Squid Web Proxy 1.0/1.1/2.1 Authentication Failure
No description provided by source. source: http://www.securityfocus.com/bid/741/info There is a vulnerability present in certain versions of the Squid Web Proxy Cache developed by the National Science Foundation. This problem is only in effect when users of the cache are using an external...
Squid Web Proxy 2.3 Reverse Proxy Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3062/info Squid is a free client-side web proxy that retrieves cached web pages for quick browsers and a reduction in bandwidth consumption. Squid servers, when configured as an HTTP accelerator only, may allow remote...
Squid Web代理缓存HTCP请求远程拒绝服务漏洞
BUGTRAQ ID: 38212 CVE ID: CVE-2010-0639 Squid是一个高效的Web缓存及代理程序,最初是为Unix平台开发的,现在也被移植到Linux和大多数的Unix类系统中,最新的Squid可以运行在Windows平台下。 远程攻击者可以通过向Squid的HTCP端口发送畸形报文触发空指针引用,导致Squid崩溃。 Squid Web Proxy Cache 3.0 Squid Web Proxy Cache 2.x 临时解决方法: 如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁: 对于Squid-2.x 明确配置htcpport...
DEBIAN-CVE-2009-2855
The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function...
Squid Web代理缓存HTTP版本号解析拒绝服务漏洞
BUGTRAQ ID: 33604 CVECAN ID: CVE-2009-0478 Squid是一个高效的Web缓存及代理程序,最初是为Unix平台开发的,现在也被移植到Linux和大多数的Unix类系统中,最新的Squid可以运行在Windows平台下。 Squid没有正确地处理畸形的HTTP版本号,远程客户端可以向服务器发送特制请求导致拒绝服务的情况。 Squid Web Proxy Cache 3.1 Squid Web Proxy Cache 3.0 Squid Web Proxy Cache 2.7 厂商补丁: Squid -----...
CVE-2004-2654
The clientAbortBody function in clientside.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service segmentation fault via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer...
CVE-2004-2654
The clientAbortBody function in clientside.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service segmentation fault via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer...
SUSE-SA:2005:053: squid
The remote host is missing the patch for the advisory SUSE-SA:2005:053 squid. This update of the Squid web-proxy fixes two remotely exploitable denial of service vulnerabilities. One can be triggered by aborting a request CVE-2005-2794 due to a faulty assertion. The other one occurs in...
CVE-2004-2479
The CVE-2004-2479 issue affects Squid Web Proxy Cache (2.5 era) where a remote attacker can cause DNS operations to fail by submitting URLs with invalid hostnames, leading Squid to reference previously used error messages. Connected advisories confirm this vulnerability and describe updates to Sq...
CVE-2004-2480
Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass security controls and access arbitrary websites via "@@" sequences in a URL within Internet Explorer...