CVE-2013-0189

2013-01-1600:00:00

ubuntu.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.055 Low

EPSS

Percentile

93.1%

JSON

cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other
versions, allows remote attackers to cause a denial of service (resource
consumption) via a crafted request. NOTE: this issue is due to an incorrect
fix for CVE-2012-5643, possibly involving an incorrect order of arguments
or incorrect comparison.

Notes

Author	Note
seth-arnold	The webserver should be configured to restrict access to cachemgr.cgi; this script shouldn’t be exposed to untrusted users

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchsquid< 2.7.STABLE7-1ubuntu12.6UNKNOWN
ubuntu11.10noarchsquid3< 3.1.14-1ubuntu0.3UNKNOWN
ubuntu12.04noarchsquid3< 3.1.19-1ubuntu3.12.04.2UNKNOWN
ubuntu12.10noarchsquid3< 3.1.20-1ubuntu1.1UNKNOWN
ubuntu13.04noarchsquid3< 3.1.20-1ubuntu2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	squid	< 2.7.STABLE7-1ubuntu12.6	UNKNOWN
ubuntu	11.10	noarch	squid3	< 3.1.14-1ubuntu0.3	UNKNOWN
ubuntu	12.04	noarch	squid3	< 3.1.19-1ubuntu3.12.04.2	UNKNOWN
ubuntu	12.10	noarch	squid3	< 3.1.20-1ubuntu1.1	UNKNOWN
ubuntu	13.04	noarch	squid3	< 3.1.20-1ubuntu2	UNKNOWN