Metric | Value |
---|---|
CVSS2 Score | 5 Medium |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
CVSS2 Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
EPSS | 0.964 High |
EPSS Percentile | 99.5% |

Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and
3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow
remote attackers to cause a denial of service (memory consumption) via (1)
invalid Content-Length headers, (2) long POST requests, or (3) crafted
authentication credentials.
Author | Note |
---|---|
jdstrand | please also see CVE-2013-0189, which is a new CVE for the incomplete fix |
seth-arnold | The webserver should be configured to restrict access to cachemgr.cgi; this script shouldn't be exposed to untrusted users |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | squid | < 2.7.STABLE7-1ubuntu12.6 | UNKNOWN |
ubuntu | 11.10 | noarch | squid3 | < 3.1.14-1ubuntu0.3 | UNKNOWN |
ubuntu | 12.04 | noarch | squid3 | < 3.1.19-1ubuntu3.12.04.2 | UNKNOWN |
ubuntu | 12.10 | noarch | squid3 | < 3.1.20-1ubuntu1.1 | UNKNOWN |
ubuntu | 13.04 | noarch | squid3 | < 3.1.20-1ubuntu2 | UNKNOWN |