Mandrake Security Advisory MDVSA-2009:241 (squid)

The remote host is missing an update to squid announced via advisory MDVSA-2009:241. OpenVAS Vulnerability Test $Id: mdksa2009241.nasl 6587 2017-07-07 06:35:35Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:241 squid Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

CVE-2009-2855

The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function...