The range handler in the Squid Caching Proxy Server 3.0-4.1.4 and 5.0.1-5.0.5 suffers from multiple vulnerabilities triggered by specific HTTP requests and responses. These vulnerabilities allow remote attackers to cause a denial of service through specially crafted requests.
ed746a61d9cbccb1057c23e5434dfedf83d50e04a1748a6e70de3df682955ee4
Red Hat Security Advisory 2021-4292-02 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include denial of service and integer overflow vulnerabilities.
44dde0c6aa32febf96146f274291765b74b1aae8e28cdf03022d9eab0e1caee9
Debian Linux Security Advisory 4924-1 - Multiple denial of service vulnerabilities were discovered in the Squid proxy caching server.
bb078100916e24e9f6fab4cdffd1581bfb25135effcfd1ea0796c419492e9ab7
Ubuntu Security Notice 4981-1 - Joshua Rogers discovered that Squid incorrectly handled requests with the urn: scheme. A remote attacker could possibly use this issue to cause Squid to consume resources, leading to a denial of service. Joshua Rogers discovered that Squid incorrectly handled requests to the Cache Manager API. A remote attacker with access privileges could possibly use this issue to cause Squid to consume resources, leading to a denial of service. This issue was only addressed in Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. Various other issues were also addressed.
5f73be4fd8bb6e49cdf2fb128fc4a0c34429d328f98775c05ee84b4c5044d2b9
Gentoo Linux Security Advisory 202105-14 - Multiple vulnerabilities have been found in Squid, the worst of which could result in a Denial of Service condition. Versions less than 4.15 are affected.
f90ca34e9e31fae3683aafe918e223a86b8b36eac92a681b26440c11aba9310a