34 matches found
USN-6907-1: Squid vulnerability
Joshua Rogers discovered that Squid did not properly handle multi-byte characters during Edge Side Includes ESI processing. A remote attacker could possibly use this issue to cause a memory corruption error, leading to a denial of service...
USN-6594-1: Squid vulnerabilities
Joshua Rogers discovered that Squid incorrectly handled HTTP message processing. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. CVE-2023-49285 Joshua Rogers discovered that Squid incorrectly handled Helper process management. A remote...
[SECURITY] [DLA 3151-1] squid security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3151-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA October 13, 2022 https://wiki.debian.org/LTS -...
Debian: Security Advisory (DSA-4751-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4446-1: Squid vulnerabilities
Jeriko One discovered that Squid incorrectly handled caching certain requests. A remote attacker could possibly use this issue to perform cache-injection attacks or gain access to reverse proxy features such as ESI. CVE-2019-12520 Jeriko One and Kristoffer Danielsson discovered that Squid...
[SECURITY] [DSA 4507-1] squid security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4507-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 24, 2019 https://www.debian.org/security/faq -...
Debian DSA-4122-1 : squid3 - security update
Several vulnerabilities have been discovered in Squid3, a fully featured web proxy cache. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2018-1000024 Louis Dion-Marcil discovered that Squid does not properly handle processing of certain ESI responses. A...
[SECURITY] [DSA 4122-1] squid3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4122-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 23, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3745-1] squid3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3745-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 24, 2016 https://www.debian.org/security/faq -...
CVE-2004-2654
The clientAbortBody function in clientside.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service segmentation fault via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer...
[SECURITY] [DSA 3327-1] squid3 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3327-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 03, 2015 https://www.debian.org/security/faq -...
Debian DSA-3014-1 : squid3 - security update
Matthew Daley discovered that Squid3, a fully featured web proxy cache, did not properly perform input validation in request parsing. A remote attacker could use this flaw to mount a denial of service by sending crafted Range requests. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
[SECURITY] [DSA 3014-1] squid3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3014-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso August 28, 2014 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2631-1] squid3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2630-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso February 24, 2013 http://www.debian.org/security/faq -...
Squid Web代理缓存HTCP请求远程拒绝服务漏洞
BUGTRAQ ID: 38212 CVE ID: CVE-2010-0639 Squid是一个高效的Web缓存及代理程序,最初是为Unix平台开发的,现在也被移植到Linux和大多数的Unix类系统中,最新的Squid可以运行在Windows平台下。 远程攻击者可以通过向Squid的HTCP端口发送畸形报文触发空指针引用,导致Squid崩溃。 Squid Web Proxy Cache 3.0 Squid Web Proxy Cache 2.x 临时解决方法: 如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁: 对于Squid-2.x 明确配置htcpport...
Debian DSA-1732-1 : squid3 - denial of service
Joshua Morin, Mikko Varpiola and Jukka Taimisto discovered an assertion error in squid3, a full featured Web Proxy cache, which could lead to a denial of service attack. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
多个HTTP代理HTTP Host头错误中继行为漏洞
BUGTRAQ ID: 33858 RFC 2616中所定义的HTTP Host头规范允许多个站点共享单个IP地址。 透明代理服务器无需用户交互或浏览器配置便拦截并重新定向网络连接,而很多以透明模式运行的代理服务器基于HTTP host-header值判断连接。Flash、Java等浏览器插件可能通过限制与内容所来源的站点或域的通讯对活动内容强制访问控制。攻击者可以通过活动内容来伪造主机头的值,这样以透明模式运行的代理服务器就会基于这个伪造的值来确定连接,因此攻击者可以连接到代理可连接到的任何网站或资源,包括通常不会暴露给Internet的内网资源。 Qbik WinGate 6.x...
Debian Security Advisory DSA 809-1 (squid)
The remote host is missing an update to squid announced via advisory DSA 809-1. Several vulnerabilities have been discovered in Squid, the popular WWW proxy cache. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-2794 Certain aborted requests that trigg...
Squid Proxy FTP URI远程拒绝服务漏洞
Squid是一款开放源代码的代理服务器。 Squid处理FTP URI存在安全问题,远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 构建恶意的FTP URI,在让Squid处理时,可导致代理服务器崩溃: ftp://www.example.com/sample/directory;type=d Squid Web Proxy Cache 2.6.STABLE6 Squid Web Proxy Cache 2.6.STABLE5 Squid Web Proxy Cache 2.6.STABLE4 Squid Web Proxy Cache 2.6.STABLE3 Squid Web...
CentOS 3 / 4 : squid (CESA-2005:766)
An updated Squid package that fixes security issues is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Squid is a full-featured Web proxy cache. A bug was found in the way Squid displays error messages. A remote attacker could...