Lucene search
Ubuntu.comUB:CVE-2012-5643HistoryDec 20, 2012 - 12:00 a.m.
CVE-2012-5643
2012-12-2000:00:00
ubuntu.com
ubuntu.com
10
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.964 High
EPSS
Percentile
99.5%
Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and
3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow
remote attackers to cause a denial of service (memory consumption) via (1)
invalid Content-Length headers, (2) long POST requests, or (3) crafted
authentication credentials.
Bugs
Notes
| Author | Note |
|---|---|
| jdstrand | please see also see CVE-2013-0189 which is a new CVE for the incomplete fix |
| seth-arnold | The webserver should be configured to restrict access to cachemgr.cgi; this script shouldnโt be exposed to untrusted users |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 10.04 | noarch | squid | <ย 2.7.STABLE7-1ubuntu12.6 | UNKNOWN |
| ubuntu | 11.10 | noarch | squid3 | <ย 3.1.14-1ubuntu0.3 | UNKNOWN |
| ubuntu | 12.04 | noarch | squid3 | <ย 3.1.19-1ubuntu3.12.04.2 | UNKNOWN |
| ubuntu | 12.10 | noarch | squid3 | <ย 3.1.20-1ubuntu1.1 | UNKNOWN |
| ubuntu | 13.04 | noarch | squid3 | <ย 3.1.20-1ubuntu2 | UNKNOWN |
References
Related
nessus
nessus
securityvulns
securityvulns
[ MDVSA-2013:013 ] squid
2013-02-24 00:00:00
squid cachemanager DoS
2013-02-24 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-2631-1)
2013-02-23 00:00:00
Debian Security Advisory DSA 2631-1 (squid3 - denial of service)
2013-02-24 00:00:00
Fedora Update for squid FEDORA-2013-1625
2013-02-11 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: squid-3.2.5-2.fc18
2013-02-08 16:55:06
[SECURITY] Fedora 17 Update: squid-3.2.5-2.fc17
2013-02-08 17:02:49
[SECURITY] Fedora 17 Update: squid-3.2.9-1.fc17
2013-04-05 23:00:38
prion
prion
Design/Logic Flaw
2013-02-08 20:55:00
Authentication flaw
2012-12-20 12:02:00
Design/Logic Flaw
2013-10-04 23:55:00
debian
debian
[SECURITY] [DSA 2631-1] squid3 security update
2013-02-24 10:51:43
ubuntu
ubuntu
Squid vulnerabilities
2013-01-31 00:00:00
ubuntucve
ubuntucve
CVE-2013-0189
2013-01-16 00:00:00
cve
cve
seebug
seebug
Squid 'cachemgr.cgi'ไธๅฎๆดไฟฎๅค่ฟ็จๆ็ปๆๅกๆผๆด
2013-02-03 00:00:00
debiancve
debiancve
CVE-2013-0189
2013-02-08 20:55:00
CVE-2012-5643
2012-12-20 12:02:00
freebsd
freebsd
squid -- denial of service
2012-12-17 00:00:00
osv
osv
squid3 - denial of service
2013-02-24 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:57:14
redhat
redhat
(RHSA-2013:0505) Moderate: squid security and bug fix update
2013-02-21 00:00:00
checkpoint_advisories
checkpoint_advisories
Squid Proxy Cache cachemgr.cgi Resource Exhaustion (CVE-2012-5643)
2012-12-30 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package squid version 3.1.23-alt1
2013-01-28 00:00:00
oraclelinux
oraclelinux
squid security and bug fix update
2013-02-22 00:00:00
centos
centos
squid security update
2013-02-27 19:38:48
gentoo
gentoo
Squid: Multiple vulnerabilities
2013-09-27 00:00:00
suse
suse
Security update for squid3 (important)
2016-08-09 17:12:26
Security update for squid3 (important)
2016-08-16 18:08:55
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.964 High
EPSS
Percentile
99.5%
Related for UB:CVE-2012-5643