Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:12083
HistoryAug 21, 2009 - 12:00 a.m.

Squid外部认证头解析器拒绝服务漏洞

2009-08-2100:00:00
Root
www.seebug.org
17

0.965 High

EPSS

Percentile

99.5%

JSON

CVE(CAN) ID: CVE-2009-2855

Squid是一个高效的Web缓存及代理程序,最初是为Unix平台开发的,现在也被移植到Linux和大多数的Unix类系统中,最新的Squid可以运行在Windows平台下。

Squid的src/HttpHeaderTools.c文件中的strListGetItem函数中存在拒绝服务漏洞。如果远程攻击者向服务器发送了包含有某些逗号分隔符的特制认证头,就可以在strcspn函数中触发死循环,导致服务崩溃。

Squid Web Proxy Cache 2.7
厂商补丁:

Squid

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31;filename=diff;att=1;bug=534982

Related

ubuntucve 1
cve 1
veracode 1
openvas 14
nessus 16
checkpoint_advisories 1
debiancve 1
securityvulns 4
prion 1
ubuntu 1
debian 1
osv 1
oraclelinux 1
redhat 1
gentoo 1
ubuntucve
ubuntucve
CVE-2009-2855
2009-08-18 00:00:00
cve
cve
CVE-2009-2855
2009-08-18 21:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:47:42
openvas
openvas
Mandrake Security Advisory MDVSA-2009:241 (squid)
2009-09-28 00:00:00
Mandriva Update for squid MDVSA-2009:241-1 (squid)
2010-01-15 00:00:00
Squid < 3.1.4 External Auth Header Parser DoS Vulnerabilities
2009-08-24 00:00:00
nessus
nessus
Squid < 3.0.STABLE19 / 3.1.0.14 / 2.6.STABLE23 strListGetItem Function Remote DoS
2010-02-05 00:00:00
Mandriva Linux Security Advisory : squid (MDVSA-2009:241-1)
2010-01-12 00:00:00
SuSE 10 Security Update : squid (ZYPP Patch Number 6931)
2010-10-11 00:00:00
checkpoint_advisories
checkpoint_advisories
Squid strListGetItem Denial of Service (CVE-2009-2855)
2010-05-09 00:00:00
debiancve
debiancve
CVE-2009-2855
2009-08-18 21:00:00
securityvulns
securityvulns
[ MDVSA-2009:241 ] squid
2009-09-23 00:00:00
[SECURITY] [DSA 1991-1] New squid/squid3 packages fix denial of service
2010-02-04 00:00:00
squid proxy server DoS
2010-02-04 00:00:00
prion
prion
Code injection
2009-08-18 21:00:00
ubuntu
ubuntu
Squid vulnerabilities
2010-02-16 00:00:00
debian
debian
[SECURITY] [DSA 1991-1] New squid/squid3 packages fix denial of service
2010-02-04 08:46:53
osv
osv
squid squid3 - denial of service
2010-02-04 00:00:00
oraclelinux
oraclelinux
squid security and bug fix update
2010-04-05 00:00:00
redhat
redhat
(RHSA-2010:0221) Low: squid security and bug fix update
2010-03-30 00:00:00
gentoo
gentoo
Squid: Multiple vulnerabilities
2011-10-26 00:00:00

0.965 High

EPSS

Percentile

99.5%

JSON
Related for SSV:12083
ubuntucve1cve1veracode1openvas14nessus16checkpoint_advisories1debiancve1securityvulns4prion1ubuntu1debian1osv1oraclelinux1redhat1gentoo1