Lucene search
Ubuntu.comUB:CVE-2009-2855HistoryAug 18, 2009 - 12:00 a.m.
CVE-2009-2855
2009-08-1800:00:00
ubuntu.com
ubuntu.com
8
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.965 High
EPSS
Percentile
99.6%
The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows
remote attackers to cause a denial of service via a crafted auth header
with certain comma delimiters that trigger an infinite loop of calls to the
strcspn function.
Bugs
- <http://bugs.squid-cache.org/show_bug.cgi?id=2541>
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982>
- <https://bugzilla.redhat.com/show_bug.cgi?id=518182>
Notes
| Author | Note |
|---|---|
| mdeslaur | reproducer in RH bug reproducer doesn’t work on 2.5 and 2.6, as code is different. don’t seem to be vulnerable. |
| micahg | http://packages.debian.org/changelogs/pool/main/s/squid3/current/changelog#version3.0.STABLE19-1 shows this CVE fixed, so marking as not-affected for lucid |
Related
cve
cve
CVE-2009-2855
2009-08-18 21:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:47:42
openvas
openvas
Mandrake Security Advisory MDVSA-2009:241 (squid)
2009-09-28 00:00:00
Mandriva Update for squid MDVSA-2009:241-1 (squid)
2010-01-15 00:00:00
Squid < 3.1.4 External Auth Header Parser DoS Vulnerabilities
2009-08-24 00:00:00
nessus
nessus
Squid < 3.0.STABLE19 / 3.1.0.14 / 2.6.STABLE23 strListGetItem Function Remote DoS
2010-02-05 00:00:00
Mandriva Linux Security Advisory : squid (MDVSA-2009:241-1)
2010-01-12 00:00:00
SuSE 10 Security Update : squid (ZYPP Patch Number 6931)
2010-10-11 00:00:00
seebug
seebug
Squid外部认证头解析器拒绝服务漏洞
2009-08-21 00:00:00
checkpoint_advisories
checkpoint_advisories
Squid strListGetItem Denial of Service (CVE-2009-2855)
2010-05-09 00:00:00
debiancve
debiancve
CVE-2009-2855
2009-08-18 21:00:00
securityvulns
securityvulns
[ MDVSA-2009:241 ] squid
2009-09-23 00:00:00
[SECURITY] [DSA 1991-1] New squid/squid3 packages fix denial of service
2010-02-04 00:00:00
squid proxy server DoS
2010-02-04 00:00:00
prion
prion
Code injection
2009-08-18 21:00:00
ubuntu
ubuntu
Squid vulnerabilities
2010-02-16 00:00:00
debian
debian
[SECURITY] [DSA 1991-1] New squid/squid3 packages fix denial of service
2010-02-04 08:46:53
osv
osv
squid squid3 - denial of service
2010-02-04 00:00:00
redhat
redhat
(RHSA-2010:0221) Low: squid security and bug fix update
2010-03-30 00:00:00
oraclelinux
oraclelinux
squid security and bug fix update
2010-04-05 00:00:00
gentoo
gentoo
Squid: Multiple vulnerabilities
2011-10-26 00:00:00
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.965 High
EPSS
Percentile
99.6%
Related for UB:CVE-2009-2855