Vulnerabilites related to squid - squid
var-201009-0314
Vulnerability from variot
Squid is a powerful proxy server and web cache server. Some internal squid string handlers do not properly check for null pointers. Sending a specially constructed request can result in a null pointer reference, causing the server to crash.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201009-0314",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "squid",
"scope": "lt",
"trust": 0.6,
"vendor": "squid",
"version": "3.2.0.2"
},
{
"model": "squid",
"scope": "lt",
"trust": 0.6,
"vendor": "squid",
"version": "3.1.8"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1863"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Squid is a powerful proxy server and web cache server. Some internal squid string handlers do not properly check for null pointers. Sending a specially constructed request can result in a null pointer reference, causing the server to crash.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1863"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-1863",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1863"
}
]
},
"id": "VAR-201009-0314",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1863"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1863"
}
]
},
"last_update_date": "2022-05-04T09:06:16.329000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Squid string handling null pointer application denial of service vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/937"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1863"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://www.squid-cache.org/advisories/squid-2010_3.txthttp"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1863"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-1863"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-09-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1863"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-09-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1863"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Squid String Handling Null Pointer Application Denial of Service Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1863"
}
],
"trust": 0.6
}
}
var-200502-0104
Vulnerability from variot
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack. Multiple interconnected devices process valid HTTP request headers inconsistently and in this may manner may allow a remote attacker to poison a cache, conduct cross-site scripting attacks, and hijack user sessions. Some HTTP handling devices are vulnerable to a flaw which may allow a specially crafted request to elicit multiple responses, some of which may be controlled by the attacker. These attacks may result in cache poisoning, information leakage, cross-site scripting, and other outcomes. plural HTTP The server (1) HTTP Line feed code in request (CR/LF) Vulnerability that headers can be divided in server responses due to improper handling of (2) There is a vulnerability that recognizes the second half of the divided header included in the first request as a response to the second request under certain conditions.An arbitrary script may be executed on the user's browser. This issue results from insufficient sanitization of user-supplied data. Squid versions 2.5 and earlier are reported prone to this issue. A paper (Divide and Conquer - HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Topics) was released to describe various attacks that target web users through web application, browser, web/application server and proxy implementations. Exploitation would occur by injecting variations of CR/LF sequences into parts of HTTP response headers that the attacker may control or influence. The general consequences of exploitation are that an attacker may misrepresent web content to the client, potentially enticing the user to trust the content and take actions based on this false trust. While the various implementations listed in the paper contribute to these attacks, this issue will most likely be exposed through web applications that do not properly account for CR/LF sequences when accepting user-supplied input that may be returned in server responses. This vulnerability could also aid in exploitation of cross-site scripting vulnerabilities. This issue is due to a failure of the affected proxy to handle CR/LF characters in HTTP requests. This may facilitate man-in-the-middle attacks as well as others. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debian Security Advisory DSA 667-1 security@debian.org http://www.debian.org/security/ Martin Schulze February 4th, 2005 http://www.debian.org/security/faq
Package : squid Vulnerability : several Problem-Type : remote Debian-specific: no CVE IDs : CAN-2005-0173 CAN-2005-0175 CAN-2005-0194 CAN-2005-0211
Several vulnerabilities have been discovered in Squid, the internet object cache, the popular WWW proxy cache. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:
CAN-2005-0173
LDAP is very forgiving about spaces in search filters and this
could be abused to log in using several variants of the login
name, possibly bypassing explicit access controls or confusing
accounting.
CAN-2005-0211
The length argument of the WCCP recvfrom() call is larger than it
should be. An attacker may send a larger than normal WCCP packet
that could overflow a buffer.
For the stable distribution (woody) these problems have been fixed in version 2.4.6-2woody6.
For the unstable distribution (sid) these problems have been fixed in version 2.5.7-7.
We recommend that you upgrade your squid package.
Upgrade Instructions
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
Debian GNU/Linux 3.0 alias woody
Source archives:
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6.dsc
Size/MD5 checksum: 612 f585baec3cc0548a0b6d3e21d185db50
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6.diff.gz
Size/MD5 checksum: 235426 85d38139f57a82f3c422421ad352e70e
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6.orig.tar.gz
Size/MD5 checksum: 1081920 59ce2c58da189626d77e27b9702ca228
Alpha architecture:
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_alpha.deb
Size/MD5 checksum: 815424 ecbca01e45af0d55e94bcd6dc93a140a
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_alpha.deb
Size/MD5 checksum: 75546 e3ad6d3c681293593ab8e0c3ed46e56d
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_alpha.deb
Size/MD5 checksum: 60290 bd894e6b88b4155a4d79ab346ef0ecf0
ARM architecture:
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_arm.deb
Size/MD5 checksum: 725786 00174ebf650a7becff1a974766a8ef18
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_arm.deb
Size/MD5 checksum: 73324 496ebaa76ff79e0b3df5032e9db249ee
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_arm.deb
Size/MD5 checksum: 58634 b036414c28e9371324b2b2112e2195ef
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_i386.deb
Size/MD5 checksum: 684246 5f932b6cd8e3fae41bee679b8f78ce9d
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_i386.deb
Size/MD5 checksum: 73820 51b9d7d06722aa12086d5e321521c957
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_i386.deb
Size/MD5 checksum: 58322 8fceca376dc96840d11e210f2796dcb4
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_ia64.deb
Size/MD5 checksum: 953904 aeaee5d9ee53e39a3aa1e1b775d12142
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_ia64.deb
Size/MD5 checksum: 79392 1430eda6e1c2c4b4b8b7fade39efbdc4
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_ia64.deb
Size/MD5 checksum: 62960 8cebaa32f4f3f17eef2d731fc4c154b3
HP Precision architecture:
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_hppa.deb
Size/MD5 checksum: 779494 9341bc9e4b7c39806601a378aad51d56
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_hppa.deb
Size/MD5 checksum: 74766 8479e2a71ae184650520cf3a139bc1ad
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_hppa.deb
Size/MD5 checksum: 59772 bc6dff1697cb54f3c3baa9fbb21cd49b
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_m68k.deb
Size/MD5 checksum: 666170 bfea1f097c0913615dd885cf6090ff90
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_m68k.deb
Size/MD5 checksum: 72654 3db952c5d712e4e0a54db5215f2ae812
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_m68k.deb
Size/MD5 checksum: 57868 c81e9618868ea0e82b0c2179067fe3eb
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_mips.deb
Size/MD5 checksum: 765316 8a18eea8fa4f5a738cf2c9415233d172
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_mips.deb
Size/MD5 checksum: 74292 5a6f6f6ac7dd721d9dba3478a5c478de
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_mips.deb
Size/MD5 checksum: 58946 eae54358cc4adcc85d754fbd6ca29225
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_mipsel.deb
Size/MD5 checksum: 765424 0490a5ec43851928800922afd54a2d5f
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_mipsel.deb
Size/MD5 checksum: 74392 1093f566bac7bf08d1da720439234d80
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_mipsel.deb
Size/MD5 checksum: 59036 7846b97c6c8661b1e07889fff408b250
PowerPC architecture:
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_powerpc.deb
Size/MD5 checksum: 722620 0c8c21ad09813e7565022c35f87dd29c
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_powerpc.deb
Size/MD5 checksum: 73302 d86696f63adab59d1fadbd64702ca633
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_powerpc.deb
Size/MD5 checksum: 58522 7d812f5b516060abcdb0eb977ea85a5e
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_s390.deb
Size/MD5 checksum: 712166 809bb77631c098b4c1f548f7d4101f88
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_s390.deb
Size/MD5 checksum: 73646 ff34ec95644ed86adfde338834bbe014
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_s390.deb
Size/MD5 checksum: 59084 27e215b7b647ce8fbabd1108fc9dbec4
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_sparc.deb
Size/MD5 checksum: 724716 da2925f0ab258d718872525a6a2f0a80
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_sparc.deb
Size/MD5 checksum: 75932 5b46ca56b3274c5e4dbdab3556a85491
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_sparc.deb
Size/MD5 checksum: 60956 7a2ec6fb96971c29edfabce83c0069ec
These files will probably be moved into the stable distribution on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFCA6RvW5ql+IAeqTIRArERAJ9RzG0Oko2BOd4TdCmy066szqDWygCfdWjV R0Sv6Ly/9lV7nT/fQbPRyv8= =LwDu -----END PGP SIGNATURE-----
. --------------------------------------------------------------------- Fedora Legacy Update Advisory
Synopsis: Updated squid package fixes security issues Advisory ID: FLSA:152809 Issue date: 2006-02-18 Product: Red Hat Linux, Fedora Core Keywords: Bugfix CVE Names: CVE-2004-0541 CVE-2004-0832 CVE-2004-0918 CVE-2005-0094 CVE-2005-0095 CVE-2005-0096 CVE-2005-0097 CVE-2005-0173 CVE-2005-0174 CVE-2005-0175 CVE-2005-0194 CVE-2005-0211 CVE-2005-0241 CVE-2005-0446 CVE-2005-0626 CVE-2005-0718 CVE-2005-1345 CVE-1999-0710 CVE-2005-1519 CVE-2004-2479 CVE-2005-2794 CVE-2005-2796 CVE-2005-2917
- Topic:
An updated Squid package that fixes several security issues is now available.
- Relevant releases/architectures:
Red Hat Linux 7.3 - i386 Red Hat Linux 9 - i386 Fedora Core 1 - i386 Fedora Core 2 - i386
- Problem description:
A buffer overflow was found within the NTLM authentication helper routine. If Squid is configured to use the NTLM authentication helper, a remote attacker could potentially execute arbitrary code by sending a lengthy password. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0541 to this issue.
An out of bounds memory read bug was found within the NTLM authentication helper routine. If Squid is configured to use the NTLM authentication helper, a remote attacker could send a carefully crafted NTLM authentication packet and cause Squid to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0832 to this issue.
iDEFENSE reported a flaw in the squid SNMP module. This flaw could allow an attacker who has the ability to send arbitrary packets to the SNMP port to restart the server, causing it to drop all open connections. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0918 to this issue.
A buffer overflow flaw was found in the Gopher relay parser. Although Gopher servers are now quite rare, a malicious web page (for example) could redirect or contain a frame pointing to an attacker's malicious gopher server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0094 to this issue.
An integer overflow flaw was found in the WCCP message parser. It is possible to crash the Squid server if an attacker is able to send a malformed WCCP message with a spoofed source address matching Squid's "home router". The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0095 to this issue.
A memory leak was found in the NTLM fakeauth_auth helper. It is possible that an attacker could place the Squid server under high load, causing the NTML fakeauth_auth helper to consume a large amount of memory, resulting in a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0096 to this issue.
A NULL pointer de-reference bug was found in the NTLM fakeauth_auth helper. It is possible for an attacker to send a malformed NTLM type 3 message, causing the Squid server to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0097 to this issue.
A username validation bug was found in squid_ldap_auth. It is possible for a username to be padded with spaces, which could allow a user to bypass explicit access control rules or confuse accounting. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0173 to this issue.
The way Squid handles HTTP responses was found to need strengthening. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-0174 and CVE-2005-0175 to these issues.
When processing the configuration file, Squid parses empty Access Control Lists (ACLs) and proxy_auth ACLs without defined auth schemes in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0194 to this issue.
A buffer overflow bug was found in the WCCP message parser. It is possible that an attacker could send a malformed WCCP message which could crash the Squid server or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0211 to this issue.
A bug was found in the way Squid handled oversized HTTP response headers. It is possible that a malicious web server could send a specially crafted HTTP header which could cause the Squid cache to be poisoned, presenting users with incorrect webpages. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0241 to this issue.
A bug was found in the way Squid handles FQDN lookups. It was possible to crash the Squid server by sending a carefully crafted DNS response to an FQDN lookup. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0446 to this issue.
A race condition bug was found in the way Squid handles the now obsolete Set-Cookie header. It is possible that Squid can leak Set-Cookie header information to other clients connecting to Squid. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0626 to this issue.
A bug was found in the way Squid handles PUT and POST requests. It is possible for an authorised remote user to cause a failed PUT or POST request which can cause Squid to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0718 to this issue.
A bug was found in the way Squid processes errors in the access control list. It is possible that an error in the access control list could give users more access than intended. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1345 to this issue.
A bug was found in the way Squid handles access to the cachemgr.cgi script. It is possible for an authorised remote user to bypass access control lists with this flaw. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-1999-0710 to this issue.
A bug was found in the way Squid handles DNS replies. If the port Squid uses for DNS requests is not protected by a firewall it is possible for a remote attacker to spoof DNS replies, possibly redirecting a user to spoofed or malicious content. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1519 to this issue.
A bug was found in the way Squid displays error messages. A remote attacker could submit a request containing an invalid hostname which would result in Squid displaying a previously used error message. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-2479 to this issue.
Two denial of service bugs were found in the way Squid handles malformed requests. A remote attacker could submit a specially crafted request to Squid that would cause the server to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-2794 and CVE-2005-2796 to these issues.
A bug was found in the way Squid handles certain request sequences while performing NTLM authentication. It is possible for an attacker to cause Squid to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2917 to this issue.
Users of Squid should upgrade to this updated package, which contains backported patches, and is not vulnerable to these issues.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (.rpm) if your current directory only* contains the desired RPMs.
Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.
- Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152809
- RPMs required:
Red Hat Linux 7.3: SRPM: http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/squid-2.4.STABLE7-0.73.3.legacy.src.rpm
i386: http://download.fedoralegacy.org/redhat/7.3/updates/i386/squid-2.4.STABLE7-0.73.3.legacy.i386.rpm
Red Hat Linux 9:
SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/squid-2.5.STABLE1-9.10.legacy.src.rpm
i386: http://download.fedoralegacy.org/redhat/9/updates/i386/squid-2.5.STABLE1-9.10.legacy.i386.rpm
Fedora Core 1:
SRPM: http://download.fedoralegacy.org/fedora/1/updates/SRPMS/squid-2.5.STABLE3-2.fc1.6.legacy.src.rpm
i386: http://download.fedoralegacy.org/fedora/1/updates/i386/squid-2.5.STABLE3-2.fc1.6.legacy.i386.rpm
Fedora Core 2:
SRPM: http://download.fedoralegacy.org/fedora/2/updates/SRPMS/squid-2.5.STABLE9-1.FC2.4.legacy.src.rpm
i386: http://download.fedoralegacy.org/fedora/2/updates/i386/squid-2.5.STABLE9-1.FC2.4.legacy.i386.rpm
- Verification:
SHA1 sum Package Name
5db383926b0358e7b1a74cd0c84d3c253fae82a6 redhat/7.3/updates/i386/squid-2.4.STABLE7-0.73.3.legacy.i386.rpm 8d2b75252ee52b9fe943d4478960e30508bae4ea redhat/7.3/updates/SRPMS/squid-2.4.STABLE7-0.73.3.legacy.src.rpm d90f37a598d6789876d85fc41297fb6d6957711d redhat/9/updates/i386/squid-2.5.STABLE1-9.10.legacy.i386.rpm c6f5927ebca3000a5d9cb2d52912e9ea989ee8eb redhat/9/updates/SRPMS/squid-2.5.STABLE1-9.10.legacy.src.rpm 4e1d0e1546e50f3f694617ce641b31230b3989ad fedora/1/updates/i386/squid-2.5.STABLE3-2.fc1.6.legacy.i386.rpm 03e318f01302e6305d368349ea778ac9f104839d fedora/1/updates/SRPMS/squid-2.5.STABLE3-2.fc1.6.legacy.src.rpm 9eb87b9c886d2c72d6ecefa3f70e016d65de9574 fedora/2/updates/i386/squid-2.5.STABLE9-1.FC2.4.legacy.i386.rpm 6aab32f2cb1e01196722d2ee6e980dc3915d788b fedora/2/updates/SRPMS/squid-2.5.STABLE9-1.FC2.4.legacy.src.rpm
These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:
sha1sum <filename>
- References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0541 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0832 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0918 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0096 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0097 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0174 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0175 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0194 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0211 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0241 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0446 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0626 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0718 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1345 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0710 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1519 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2479 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2794 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2796 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2917
- Contact:
The Fedora Legacy security contact is secnotice@fedoralegacy.org. More project details at http://www.fedoralegacy.org
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200502-0104",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "squid",
"version": null
},
{
"model": "squid",
"scope": "eq",
"trust": 1.6,
"vendor": "squid",
"version": "2.5_stable3"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.6,
"vendor": "squid",
"version": "2.5_.stable3"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.6,
"vendor": "squid",
"version": "2.5_.stable6"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.6,
"vendor": "squid",
"version": "2.5_.stable4"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.6,
"vendor": "squid",
"version": "2.5_.stable1"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.6,
"vendor": "squid",
"version": "2.5.stable7"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.6,
"vendor": "squid",
"version": "2.5_.stable5"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.6,
"vendor": "squid",
"version": "2.5_stable9"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.6,
"vendor": "squid",
"version": "2.5_stable4"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.6,
"vendor": "squid",
"version": "2.5.stable6"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid",
"version": "2.5.stable5"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid",
"version": "2.5.stable4"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid",
"version": "2.5.6"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid",
"version": "2.5.stable3"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid",
"version": "2.5.stable1"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid",
"version": "2.5.stable2"
},
{
"model": "web proxy cache .stable7",
"scope": "eq",
"trust": 0.9,
"vendor": "squid",
"version": "2.5"
},
{
"model": "web proxy cache .stable6",
"scope": "eq",
"trust": 0.9,
"vendor": "squid",
"version": "2.5"
},
{
"model": "web proxy cache .stable5",
"scope": "eq",
"trust": 0.9,
"vendor": "squid",
"version": "2.5"
},
{
"model": "web proxy cache .stable4",
"scope": "eq",
"trust": 0.9,
"vendor": "squid",
"version": "2.5"
},
{
"model": "web proxy cache .stable3",
"scope": "eq",
"trust": 0.9,
"vendor": "squid",
"version": "2.5"
},
{
"model": "web proxy cache .stable1",
"scope": "eq",
"trust": 0.9,
"vendor": "squid",
"version": "2.5"
},
{
"model": "web proxy cache .stable7",
"scope": "eq",
"trust": 0.9,
"vendor": "squid",
"version": "2.4"
},
{
"model": "web proxy cache .stable6",
"scope": "eq",
"trust": 0.9,
"vendor": "squid",
"version": "2.4"
},
{
"model": "web proxy cache .stable2",
"scope": "eq",
"trust": 0.9,
"vendor": "squid",
"version": "2.4"
},
{
"model": "web proxy cache",
"scope": "eq",
"trust": 0.9,
"vendor": "squid",
"version": "2.4"
},
{
"model": "web proxy cache .stable5",
"scope": "eq",
"trust": 0.9,
"vendor": "squid",
"version": "2.3"
},
{
"model": "web proxy cache .stable4",
"scope": "eq",
"trust": 0.9,
"vendor": "squid",
"version": "2.3"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "http server",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "2.0.48"
},
{
"model": "weblogic server",
"scope": "lte",
"trust": 0.8,
"vendor": "bea",
"version": "8.1 sp2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "4.0.7"
},
{
"model": "websphere application server",
"scope": "lte",
"trust": 0.8,
"vendor": "ibm",
"version": "5.0.2.6"
},
{
"model": "websphere application server",
"scope": "lte",
"trust": 0.8,
"vendor": "ibm",
"version": "5.1.1"
},
{
"model": "squid",
"scope": "lte",
"trust": 0.8,
"vendor": "squid cache",
"version": "2.5 stable7"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.1"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "10"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "7"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "8"
},
{
"model": "iis",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "iis",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6"
},
{
"model": "internet security and acceleration server",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows server 2003",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (ws)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (ws)"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "9"
},
{
"model": "web proxy cache patch2",
"scope": "eq",
"trust": 0.6,
"vendor": "squid",
"version": "2.1"
},
{
"model": "web proxy cache patch2",
"scope": "eq",
"trust": 0.6,
"vendor": "squid",
"version": "2.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "8.1"
},
{
"model": "propack",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "3.0"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.2"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.1"
},
{
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "8.2"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "9.0"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "fedora core2",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "fedora core1",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "security linux",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "4.017"
},
{
"model": "security linux",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "4.016"
},
{
"model": "security linux",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "4.008"
},
{
"model": "security linux",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "3.217"
},
{
"model": "security linux",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "3.216"
},
{
"model": "security linux",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "3.215"
},
{
"model": "security linux",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "3.212"
},
{
"model": "security linux",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "3.211"
},
{
"model": "security linux",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "3.210"
},
{
"model": "security linux",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "3.200"
},
{
"model": "security linux",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "2.030"
},
{
"model": "security linux",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "2.027"
},
{
"model": "security linux",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "2.026"
},
{
"model": "security linux",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "2.025"
},
{
"model": "security linux",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "2.024"
},
{
"model": "security linux",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "2.023"
},
{
"model": "security linux",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "2.016"
},
{
"model": "java system web server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"model": "netcache",
"scope": "eq",
"trust": 0.3,
"vendor": "netapp",
"version": "5.2"
},
{
"model": "science foundation squid web proxy stable7",
"scope": "eq",
"trust": 0.3,
"vendor": "national",
"version": "2.4"
},
{
"model": "science foundation squid web proxy stable6",
"scope": "eq",
"trust": 0.3,
"vendor": "national",
"version": "2.4"
},
{
"model": "science foundation squid web proxy stable4",
"scope": "eq",
"trust": 0.3,
"vendor": "national",
"version": "2.4"
},
{
"model": "science foundation squid web proxy stable3",
"scope": "eq",
"trust": 0.3,
"vendor": "national",
"version": "2.4"
},
{
"model": "science foundation squid web proxy stable2-3",
"scope": "eq",
"trust": 0.3,
"vendor": "national",
"version": "2.4"
},
{
"model": "science foundation squid web proxy stable2-2",
"scope": "eq",
"trust": 0.3,
"vendor": "national",
"version": "2.4"
},
{
"model": "science foundation squid web proxy stable2",
"scope": "eq",
"trust": 0.3,
"vendor": "national",
"version": "2.4"
},
{
"model": "science foundation squid web proxy stable1",
"scope": "eq",
"trust": 0.3,
"vendor": "national",
"version": "2.4"
},
{
"model": "science foundation squid web proxy pre-stable2",
"scope": "eq",
"trust": 0.3,
"vendor": "national",
"version": "2.4"
},
{
"model": "science foundation squid web proxy pre-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "national",
"version": "2.4"
},
{
"model": "science foundation squid web proxy devel4",
"scope": "eq",
"trust": 0.3,
"vendor": "national",
"version": "2.4"
},
{
"model": "science foundation squid web proxy devel2",
"scope": "eq",
"trust": 0.3,
"vendor": "national",
"version": "2.4"
},
{
"model": "science foundation squid web proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "national",
"version": "2.4"
},
{
"model": "isa server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "isa server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "internet explorer sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "asp.net",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": "asp.net",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": "asp",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": "coldfusion server mx",
"scope": "eq",
"trust": 0.3,
"vendor": "macromedia",
"version": "6.1"
},
{
"model": "coldfusion server mx",
"scope": "eq",
"trust": 0.3,
"vendor": "macromedia",
"version": "6.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.0.5"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.0.4"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.0.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.0.2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2.6"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2.5"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2.4"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2.3"
},
{
"model": "systems weblogic server for win32 sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server for win32",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "4.1.24"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.48"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.47"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.46"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.45"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.44"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.43"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.42"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.41"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.40"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.39"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.38"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.37"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.36"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.35"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.32"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.28"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0"
},
{
"model": "web proxy cache .stable9",
"scope": "ne",
"trust": 0.3,
"vendor": "squid",
"version": "2.5"
},
{
"model": "web proxy cache .stable8",
"scope": "ne",
"trust": 0.3,
"vendor": "squid",
"version": "2.5"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#768702"
},
{
"db": "CERT/CC",
"id": "VU#625878"
},
{
"db": "BID",
"id": "12433"
},
{
"db": "BID",
"id": "9804"
},
{
"db": "BID",
"id": "13435"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000066"
},
{
"db": "CNNVD",
"id": "CNNVD-200502-008"
},
{
"db": "NVD",
"id": "CVE-2005-0175"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:http_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:bea:weblogic_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:websphere_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:squid-cache:squid",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:iis",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:internet_explorer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:isa_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_server_2003",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:linux",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000066"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The individual or individuals responsible for the discovery of this issue are currently unknown; the vendor disclosed this issue.",
"sources": [
{
"db": "BID",
"id": "12433"
}
],
"trust": 0.3
},
"cve": "CVE-2005-0175",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2005-0175",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2005-0175",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#768702",
"trust": 0.8,
"value": "10.08"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#625878",
"trust": 0.8,
"value": "7.50"
},
{
"author": "NVD",
"id": "CVE-2005-0175",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200502-008",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#768702"
},
{
"db": "CERT/CC",
"id": "VU#625878"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000066"
},
{
"db": "CNNVD",
"id": "CNNVD-200502-008"
},
{
"db": "NVD",
"id": "CVE-2005-0175"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack. Multiple interconnected devices process valid HTTP request headers inconsistently and in this may manner may allow a remote attacker to poison a cache, conduct cross-site scripting attacks, and hijack user sessions. Some HTTP handling devices are vulnerable to a flaw which may allow a specially crafted request to elicit multiple responses, some of which may be controlled by the attacker. These attacks may result in cache poisoning, information leakage, cross-site scripting, and other outcomes. plural HTTP The server (1) HTTP Line feed code in request (CR/LF) Vulnerability that headers can be divided in server responses due to improper handling of (2) There is a vulnerability that recognizes the second half of the divided header included in the first request as a response to the second request under certain conditions.An arbitrary script may be executed on the user\u0027s browser. This issue results from insufficient sanitization of user-supplied data. \nSquid versions 2.5 and earlier are reported prone to this issue. A paper (Divide and Conquer - HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Topics) was released to describe various attacks that target web users through web application, browser, web/application server and proxy implementations. \nExploitation would occur by injecting variations of CR/LF sequences into parts of HTTP response headers that the attacker may control or influence. The general consequences of exploitation are that an attacker may misrepresent web content to the client, potentially enticing the user to trust the content and take actions based on this false trust. \nWhile the various implementations listed in the paper contribute to these attacks, this issue will most likely be exposed through web applications that do not properly account for CR/LF sequences when accepting user-supplied input that may be returned in server responses. \nThis vulnerability could also aid in exploitation of cross-site scripting vulnerabilities. This issue is due to a failure of the affected proxy to handle CR/LF characters in HTTP requests. This may facilitate man-in-the-middle attacks as well as others. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- --------------------------------------------------------------------------\nDebian Security Advisory DSA 667-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nFebruary 4th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : squid\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE IDs : CAN-2005-0173 CAN-2005-0175 CAN-2005-0194 CAN-2005-0211\n\nSeveral vulnerabilities have been discovered in Squid, the internet\nobject cache, the popular WWW proxy cache. The Common Vulnerabilities\nand Exposures project identifies the following vulnerabilities:\n\nCAN-2005-0173\n\n LDAP is very forgiving about spaces in search filters and this\n could be abused to log in using several variants of the login\n name, possibly bypassing explicit access controls or confusing\n accounting. \n\nCAN-2005-0211\n\n The length argument of the WCCP recvfrom() call is larger than it\n should be. An attacker may send a larger than normal WCCP packet\n that could overflow a buffer. \n\nFor the stable distribution (woody) these problems have been fixed in\nversion 2.4.6-2woody6. \n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 2.5.7-7. \n\nWe recommend that you upgrade your squid package. \n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6.dsc\n Size/MD5 checksum: 612 f585baec3cc0548a0b6d3e21d185db50\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6.diff.gz\n Size/MD5 checksum: 235426 85d38139f57a82f3c422421ad352e70e\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6.orig.tar.gz\n Size/MD5 checksum: 1081920 59ce2c58da189626d77e27b9702ca228\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_alpha.deb\n Size/MD5 checksum: 815424 ecbca01e45af0d55e94bcd6dc93a140a\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_alpha.deb\n Size/MD5 checksum: 75546 e3ad6d3c681293593ab8e0c3ed46e56d\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_alpha.deb\n Size/MD5 checksum: 60290 bd894e6b88b4155a4d79ab346ef0ecf0\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_arm.deb\n Size/MD5 checksum: 725786 00174ebf650a7becff1a974766a8ef18\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_arm.deb\n Size/MD5 checksum: 73324 496ebaa76ff79e0b3df5032e9db249ee\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_arm.deb\n Size/MD5 checksum: 58634 b036414c28e9371324b2b2112e2195ef\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_i386.deb\n Size/MD5 checksum: 684246 5f932b6cd8e3fae41bee679b8f78ce9d\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_i386.deb\n Size/MD5 checksum: 73820 51b9d7d06722aa12086d5e321521c957\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_i386.deb\n Size/MD5 checksum: 58322 8fceca376dc96840d11e210f2796dcb4\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_ia64.deb\n Size/MD5 checksum: 953904 aeaee5d9ee53e39a3aa1e1b775d12142\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_ia64.deb\n Size/MD5 checksum: 79392 1430eda6e1c2c4b4b8b7fade39efbdc4\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_ia64.deb\n Size/MD5 checksum: 62960 8cebaa32f4f3f17eef2d731fc4c154b3\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_hppa.deb\n Size/MD5 checksum: 779494 9341bc9e4b7c39806601a378aad51d56\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_hppa.deb\n Size/MD5 checksum: 74766 8479e2a71ae184650520cf3a139bc1ad\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_hppa.deb\n Size/MD5 checksum: 59772 bc6dff1697cb54f3c3baa9fbb21cd49b\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_m68k.deb\n Size/MD5 checksum: 666170 bfea1f097c0913615dd885cf6090ff90\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_m68k.deb\n Size/MD5 checksum: 72654 3db952c5d712e4e0a54db5215f2ae812\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_m68k.deb\n Size/MD5 checksum: 57868 c81e9618868ea0e82b0c2179067fe3eb\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_mips.deb\n Size/MD5 checksum: 765316 8a18eea8fa4f5a738cf2c9415233d172\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_mips.deb\n Size/MD5 checksum: 74292 5a6f6f6ac7dd721d9dba3478a5c478de\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_mips.deb\n Size/MD5 checksum: 58946 eae54358cc4adcc85d754fbd6ca29225\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_mipsel.deb\n Size/MD5 checksum: 765424 0490a5ec43851928800922afd54a2d5f\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_mipsel.deb\n Size/MD5 checksum: 74392 1093f566bac7bf08d1da720439234d80\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_mipsel.deb\n Size/MD5 checksum: 59036 7846b97c6c8661b1e07889fff408b250\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_powerpc.deb\n Size/MD5 checksum: 722620 0c8c21ad09813e7565022c35f87dd29c\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_powerpc.deb\n Size/MD5 checksum: 73302 d86696f63adab59d1fadbd64702ca633\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_powerpc.deb\n Size/MD5 checksum: 58522 7d812f5b516060abcdb0eb977ea85a5e\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_s390.deb\n Size/MD5 checksum: 712166 809bb77631c098b4c1f548f7d4101f88\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_s390.deb\n Size/MD5 checksum: 73646 ff34ec95644ed86adfde338834bbe014\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_s390.deb\n Size/MD5 checksum: 59084 27e215b7b647ce8fbabd1108fc9dbec4\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_sparc.deb\n Size/MD5 checksum: 724716 da2925f0ab258d718872525a6a2f0a80\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_sparc.deb\n Size/MD5 checksum: 75932 5b46ca56b3274c5e4dbdab3556a85491\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_sparc.deb\n Size/MD5 checksum: 60956 7a2ec6fb96971c29edfabce83c0069ec\n\n\n These files will probably be moved into the stable distribution on\n its next update. \n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show \u003cpkg\u003e\u0027 and http://packages.debian.org/\u003cpkg\u003e\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.5 (GNU/Linux)\n\niD8DBQFCA6RvW5ql+IAeqTIRArERAJ9RzG0Oko2BOd4TdCmy066szqDWygCfdWjV\nR0Sv6Ly/9lV7nT/fQbPRyv8=\n=LwDu\n-----END PGP SIGNATURE-----\n\n. ---------------------------------------------------------------------\n Fedora Legacy Update Advisory\n\nSynopsis: Updated squid package fixes security issues\nAdvisory ID: FLSA:152809\nIssue date: 2006-02-18\nProduct: Red Hat Linux, Fedora Core\nKeywords: Bugfix\nCVE Names: CVE-2004-0541 CVE-2004-0832 CVE-2004-0918\n CVE-2005-0094 CVE-2005-0095 CVE-2005-0096\n CVE-2005-0097 CVE-2005-0173 CVE-2005-0174\n CVE-2005-0175 CVE-2005-0194 CVE-2005-0211\n CVE-2005-0241 CVE-2005-0446 CVE-2005-0626\n CVE-2005-0718 CVE-2005-1345 CVE-1999-0710\n CVE-2005-1519 CVE-2004-2479 CVE-2005-2794\n CVE-2005-2796 CVE-2005-2917\n\n---------------------------------------------------------------------\n\n\n---------------------------------------------------------------------\n1. Topic:\n\nAn updated Squid package that fixes several security issues is now\navailable. \n\n2. Relevant releases/architectures:\n\nRed Hat Linux 7.3 - i386\nRed Hat Linux 9 - i386\nFedora Core 1 - i386\nFedora Core 2 - i386\n\n3. Problem description:\n\nA buffer overflow was found within the NTLM authentication helper\nroutine. If Squid is configured to use the NTLM authentication helper,\na remote attacker could potentially execute arbitrary code by sending a\nlengthy password. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2004-0541 to this issue. \n\nAn out of bounds memory read bug was found within the NTLM\nauthentication helper routine. If Squid is configured to use the NTLM\nauthentication helper, a remote attacker could send a carefully crafted\nNTLM authentication packet and cause Squid to crash. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2004-0832 to this issue. \n\niDEFENSE reported a flaw in the squid SNMP module. This flaw could allow\nan attacker who has the ability to send arbitrary packets to the SNMP\nport to restart the server, causing it to drop all open connections. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CVE-2004-0918 to this issue. \n\nA buffer overflow flaw was found in the Gopher relay parser. Although Gopher servers are now quite rare, a malicious\nweb page (for example) could redirect or contain a frame pointing to an\nattacker\u0027s malicious gopher server. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CVE-2005-0094 to\nthis issue. \n\nAn integer overflow flaw was found in the WCCP message parser. It is\npossible to crash the Squid server if an attacker is able to send a\nmalformed WCCP message with a spoofed source address matching Squid\u0027s\n\"home router\". The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2005-0095 to this issue. \n\nA memory leak was found in the NTLM fakeauth_auth helper. It is possible\nthat an attacker could place the Squid server under high load, causing\nthe NTML fakeauth_auth helper to consume a large amount of memory,\nresulting in a denial of service. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CVE-2005-0096 to\nthis issue. \n\nA NULL pointer de-reference bug was found in the NTLM fakeauth_auth\nhelper. It is possible for an attacker to send a malformed NTLM type 3\nmessage, causing the Squid server to crash. The Common Vulnerabilities\nand Exposures project (cve.mitre.org) has assigned the name\nCVE-2005-0097 to this issue. \n\nA username validation bug was found in squid_ldap_auth. It is possible\nfor a username to be padded with spaces, which could allow a user to\nbypass explicit access control rules or confuse accounting. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-0173 to this issue. \n\nThe way Squid handles HTTP responses was found to need strengthening. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the names CVE-2005-0174\nand CVE-2005-0175 to these issues. \n\nWhen processing the configuration file, Squid parses empty Access\nControl Lists (ACLs) and proxy_auth ACLs without defined auth schemes in\na way that effectively removes arguments, which could allow remote\nattackers to bypass intended ACLs. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CVE-2005-0194 to\nthis issue. \n\nA buffer overflow bug was found in the WCCP message parser. It is\npossible that an attacker could send a malformed WCCP message which\ncould crash the Squid server or execute arbitrary code. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-0211 to this issue. \n\nA bug was found in the way Squid handled oversized HTTP response\nheaders. It is possible that a malicious web server could send a\nspecially crafted HTTP header which could cause the Squid cache to be\npoisoned, presenting users with incorrect webpages. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-0241 to this issue. \n\nA bug was found in the way Squid handles FQDN lookups. It was possible\nto crash the Squid server by sending a carefully crafted DNS response to\nan FQDN lookup. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2005-0446 to this issue. \n\nA race condition bug was found in the way Squid handles the now obsolete\nSet-Cookie header. It is possible that Squid can leak Set-Cookie header\ninformation to other clients connecting to Squid. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-0626 to this issue. \n\nA bug was found in the way Squid handles PUT and POST requests. It is\npossible for an authorised remote user to cause a failed PUT or POST\nrequest which can cause Squid to crash. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CVE-2005-0718 to\nthis issue. \n\nA bug was found in the way Squid processes errors in the access control\nlist. It is possible that an error in the access control list could give\nusers more access than intended. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CVE-2005-1345 to\nthis issue. \n\nA bug was found in the way Squid handles access to the cachemgr.cgi\nscript. It is possible for an authorised remote user to bypass access\ncontrol lists with this flaw. The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CVE-1999-0710 to this\nissue. \n\nA bug was found in the way Squid handles DNS replies. If the port Squid\nuses for DNS requests is not protected by a firewall it is possible for\na remote attacker to spoof DNS replies, possibly redirecting a user to\nspoofed or malicious content. The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CVE-2005-1519 to this\nissue. \n\nA bug was found in the way Squid displays error messages. A remote\nattacker could submit a request containing an invalid hostname which\nwould result in Squid displaying a previously used error message. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CVE-2004-2479 to this issue. \n\nTwo denial of service bugs were found in the way Squid handles malformed\nrequests. A remote attacker could submit a specially crafted request to\nSquid that would cause the server to crash. The Common Vulnerabilities\nand Exposures project (cve.mitre.org) has assigned the names\nCVE-2005-2794 and CVE-2005-2796 to these issues. \n\nA bug was found in the way Squid handles certain request sequences while\nperforming NTLM authentication. It is possible for an attacker to cause\nSquid to crash. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2005-2917 to this issue. \n\nUsers of Squid should upgrade to this updated package, which contains\nbackported patches, and is not vulnerable to these issues. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which\nare not installed but included in the list will not be updated. Note\nthat you can also use wildcards (*.rpm) if your current directory *only*\ncontains the desired RPMs. \n\nPlease note that this update is also available via yum and apt. Many\npeople find this an easier way to apply updates. To use yum issue:\n\nyum update\n\nor to use apt:\n\napt-get update; apt-get upgrade\n\nThis will start an interactive process that will result in the\nappropriate RPMs being upgraded on your system. This assumes that you\nhave yum or apt-get configured for obtaining Fedora Legacy content. \nPlease visit http://www.fedoralegacy.org/docs for directions on how to\nconfigure yum and apt-get. \n\n5. Bug IDs fixed:\n\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152809\n\n6. RPMs required:\n\nRed Hat Linux 7.3:\nSRPM:\nhttp://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/squid-2.4.STABLE7-0.73.3.legacy.src.rpm\n\ni386:\nhttp://download.fedoralegacy.org/redhat/7.3/updates/i386/squid-2.4.STABLE7-0.73.3.legacy.i386.rpm\n\nRed Hat Linux 9:\n\nSRPM:\nhttp://download.fedoralegacy.org/redhat/9/updates/SRPMS/squid-2.5.STABLE1-9.10.legacy.src.rpm\n\ni386:\nhttp://download.fedoralegacy.org/redhat/9/updates/i386/squid-2.5.STABLE1-9.10.legacy.i386.rpm\n\nFedora Core 1:\n\nSRPM:\nhttp://download.fedoralegacy.org/fedora/1/updates/SRPMS/squid-2.5.STABLE3-2.fc1.6.legacy.src.rpm\n\ni386:\nhttp://download.fedoralegacy.org/fedora/1/updates/i386/squid-2.5.STABLE3-2.fc1.6.legacy.i386.rpm\n\nFedora Core 2:\n\nSRPM:\nhttp://download.fedoralegacy.org/fedora/2/updates/SRPMS/squid-2.5.STABLE9-1.FC2.4.legacy.src.rpm\n\ni386:\nhttp://download.fedoralegacy.org/fedora/2/updates/i386/squid-2.5.STABLE9-1.FC2.4.legacy.i386.rpm\n\n\n7. Verification:\n\nSHA1 sum Package Name\n---------------------------------------------------------------------\n\n5db383926b0358e7b1a74cd0c84d3c253fae82a6\nredhat/7.3/updates/i386/squid-2.4.STABLE7-0.73.3.legacy.i386.rpm\n8d2b75252ee52b9fe943d4478960e30508bae4ea\nredhat/7.3/updates/SRPMS/squid-2.4.STABLE7-0.73.3.legacy.src.rpm\nd90f37a598d6789876d85fc41297fb6d6957711d\nredhat/9/updates/i386/squid-2.5.STABLE1-9.10.legacy.i386.rpm\nc6f5927ebca3000a5d9cb2d52912e9ea989ee8eb\nredhat/9/updates/SRPMS/squid-2.5.STABLE1-9.10.legacy.src.rpm\n4e1d0e1546e50f3f694617ce641b31230b3989ad\nfedora/1/updates/i386/squid-2.5.STABLE3-2.fc1.6.legacy.i386.rpm\n03e318f01302e6305d368349ea778ac9f104839d\nfedora/1/updates/SRPMS/squid-2.5.STABLE3-2.fc1.6.legacy.src.rpm\n9eb87b9c886d2c72d6ecefa3f70e016d65de9574\nfedora/2/updates/i386/squid-2.5.STABLE9-1.FC2.4.legacy.i386.rpm\n6aab32f2cb1e01196722d2ee6e980dc3915d788b\nfedora/2/updates/SRPMS/squid-2.5.STABLE9-1.FC2.4.legacy.src.rpm\n\nThese packages are GPG signed by Fedora Legacy for security. Our key is\navailable from http://www.fedoralegacy.org/about/security.php\n\nYou can verify each package with the following command:\n\n rpm --checksig -v \u003cfilename\u003e\n\nIf you only wish to verify that each package has not been corrupted or\ntampered with, examine only the sha1sum with the following command:\n\n sha1sum \u003cfilename\u003e\n\n8. References:\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0541\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0832\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0918\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0094\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0095\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0096\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0097\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0173\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0174\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0175\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0194\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0211\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0241\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0446\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0626\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0718\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1345\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0710\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1519\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2479\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2794\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2796\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2917\n\n9. Contact:\n\nThe Fedora Legacy security contact is \u003csecnotice@fedoralegacy.org\u003e. More\nproject details at http://www.fedoralegacy.org\n\n---------------------------------------------------------------------\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-0175"
},
{
"db": "CERT/CC",
"id": "VU#768702"
},
{
"db": "CERT/CC",
"id": "VU#625878"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000066"
},
{
"db": "BID",
"id": "12433"
},
{
"db": "BID",
"id": "9804"
},
{
"db": "BID",
"id": "13435"
},
{
"db": "PACKETSTORM",
"id": "36038"
},
{
"db": "PACKETSTORM",
"id": "44000"
}
],
"trust": 4.05
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#625878",
"trust": 3.2
},
{
"db": "NVD",
"id": "CVE-2005-0175",
"trust": 2.9
},
{
"db": "BID",
"id": "12433",
"trust": 2.7
},
{
"db": "BID",
"id": "9804",
"trust": 1.1
},
{
"db": "BID",
"id": "13435",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#768702",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000066",
"trust": 0.8
},
{
"db": "SUSE",
"id": "SUSE-SA:2005:006",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20050207 [USN-77-1] SQUID VULNERABILITIES",
"trust": 0.6
},
{
"db": "FEDORA",
"id": "FLSA-2006:152809",
"trust": 0.6
},
{
"db": "FEDORA",
"id": "FEDORA-2005-373",
"trust": 0.6
},
{
"db": "MANDRAKE",
"id": "MDKSA-2005:034",
"trust": 0.6
},
{
"db": "CONECTIVA",
"id": "CLA-2005:931",
"trust": 0.6
},
{
"db": "DEBIAN",
"id": "DSA-667",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2005:061",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2005:060",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200502-008",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "36038",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "44000",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#768702"
},
{
"db": "CERT/CC",
"id": "VU#625878"
},
{
"db": "BID",
"id": "12433"
},
{
"db": "BID",
"id": "9804"
},
{
"db": "BID",
"id": "13435"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000066"
},
{
"db": "PACKETSTORM",
"id": "36038"
},
{
"db": "PACKETSTORM",
"id": "44000"
},
{
"db": "CNNVD",
"id": "CNNVD-200502-008"
},
{
"db": "NVD",
"id": "CVE-2005-0175"
}
]
},
"id": "VAR-200502-0104",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-11-23T19:41:24.506000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APAR PQ91361",
"trust": 0.8,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg24007466"
},
{
"title": "APAR PQ90505",
"trust": 0.8,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg24007467"
},
{
"title": "si-040819a",
"trust": 0.8,
"url": "https://www-6.ibm.com/jp/services/security/secinfo/si-040819a.html"
},
{
"title": "RHSA-2005:061",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2005-061.html"
},
{
"title": "RHSA-2005:060",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2005-060.html"
},
{
"title": "squid-2.5.STABLE7-response_splitting",
"trust": 0.8,
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/index.html#squid-2.5.STABLE7-response_splitting"
},
{
"title": "SQUID-2005_5",
"trust": 0.8,
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_5.txt"
},
{
"title": "TLSA-2005-24",
"trust": 0.8,
"url": "http://www.turbolinux.com/security/2005/TLSA-2005-24.txt"
},
{
"title": "RHSA-2005:060",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2005-060J.html"
},
{
"title": "RHSA-2005:061",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2005-061J.html"
},
{
"title": "TLSA-2005-24",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2005/TLSA-2005-24j.txt"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000066"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-0175"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/12433"
},
{
"trust": 2.4,
"url": "http://www.kb.cert.org/vuls/id/625878"
},
{
"trust": 1.9,
"url": "http://www.squid-cache.org/versions/v2/2.5/bugs/#squid-2.5.stable7-response_splitting"
},
{
"trust": 1.9,
"url": "http://www.squid-cache.org/advisories/squid-2005_5.txt"
},
{
"trust": 1.6,
"url": "http://www.redhat.com/support/errata/rhsa-2005-061.html"
},
{
"trust": 1.6,
"url": "http://www.redhat.com/support/errata/rhsa-2005-060.html"
},
{
"trust": 1.6,
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"trust": 1.6,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"trust": 1.6,
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-may/msg00025.html"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2005:034"
},
{
"trust": 1.6,
"url": "http://fedoranews.org/updates/fedora--.shtml"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11605"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0175"
},
{
"trust": 0.8,
"url": "https://www.watchfire.com/securearea/whitepapers.aspx?id=8"
},
{
"trust": 0.8,
"url": "http://www.watchfire.com/resources/http-request-smuggling.pdf"
},
{
"trust": 0.8,
"url": "http://www.squid-cache.org/advisories/squid-2005_4.txt"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms05-034.mspx"
},
{
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=306172"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu%23625878"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-0175"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/13435"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/9804"
},
{
"trust": 0.6,
"url": "http://www.squid-cache.org/"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.squid-cache.org/versions/v2/2.5/bugs/#squid-2.5.stable7-header_parsing"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2005-061.html"
},
{
"trust": 0.3,
"url": "http://www.astaro.org/showflat.php?cat=\u0026number=56136\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#56136"
},
{
"trust": 0.3,
"url": "http://www.sanctuminc.com/pdf/whitepaper_httpresponse.pdf"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_powerpc.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-0173"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_sparc.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-0211"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_alpha.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-0194"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_m68k.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_m68k.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_s390.deb"
},
{
"trust": 0.1,
"url": "http://packages.debian.org/\u003cpkg\u003e"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_m68k.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_s390.deb"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-0175"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_mips.deb"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0541"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0241"
},
{
"trust": 0.1,
"url": "http://download.fedoralegacy.org/redhat/9/updates/i386/squid-2.5.stable1-9.10.legacy.i386.rpm"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0096"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2917"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-1345"
},
{
"trust": 0.1,
"url": "http://download.fedoralegacy.org/redhat/7.3/updates/srpms/squid-2.4.stable7-0.73.3.legacy.src.rpm"
},
{
"trust": 0.1,
"url": "http://download.fedoralegacy.org/redhat/7.3/updates/i386/squid-2.4.stable7-0.73.3.legacy.i386.rpm"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0718"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0626"
},
{
"trust": 0.1,
"url": "http://download.fedoralegacy.org/redhat/9/updates/srpms/squid-2.5.stable1-9.10.legacy.src.rpm"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152809"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-1999-0710"
},
{
"trust": 0.1,
"url": "http://download.fedoralegacy.org/fedora/1/updates/srpms/squid-2.5.stable3-2.fc1.6.legacy.src.rpm"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0211"
},
{
"trust": 0.1,
"url": "http://www.fedoralegacy.org/about/security.php"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0174"
},
{
"trust": 0.1,
"url": "http://download.fedoralegacy.org/fedora/2/updates/i386/squid-2.5.stable9-1.fc2.4.legacy.i386.rpm"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0094"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-1519"
},
{
"trust": 0.1,
"url": "http://download.fedoralegacy.org/fedora/1/updates/i386/squid-2.5.stable3-2.fc1.6.legacy.i386.rpm"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0173"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0194"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2796"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0095"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-2479"
},
{
"trust": 0.1,
"url": "http://www.fedoralegacy.org"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0918"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0097"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0832"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2794"
},
{
"trust": 0.1,
"url": "http://www.fedoralegacy.org/docs"
},
{
"trust": 0.1,
"url": "http://download.fedoralegacy.org/fedora/2/updates/srpms/squid-2.5.stable9-1.fc2.4.legacy.src.rpm"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0446"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#768702"
},
{
"db": "CERT/CC",
"id": "VU#625878"
},
{
"db": "BID",
"id": "12433"
},
{
"db": "BID",
"id": "9804"
},
{
"db": "BID",
"id": "13435"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000066"
},
{
"db": "PACKETSTORM",
"id": "36038"
},
{
"db": "PACKETSTORM",
"id": "44000"
},
{
"db": "CNNVD",
"id": "CNNVD-200502-008"
},
{
"db": "NVD",
"id": "CVE-2005-0175"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#768702"
},
{
"db": "CERT/CC",
"id": "VU#625878"
},
{
"db": "BID",
"id": "12433"
},
{
"db": "BID",
"id": "9804"
},
{
"db": "BID",
"id": "13435"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000066"
},
{
"db": "PACKETSTORM",
"id": "36038"
},
{
"db": "PACKETSTORM",
"id": "44000"
},
{
"db": "CNNVD",
"id": "CNNVD-200502-008"
},
{
"db": "NVD",
"id": "CVE-2005-0175"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-02-04T00:00:00",
"db": "CERT/CC",
"id": "VU#768702"
},
{
"date": "2005-02-04T00:00:00",
"db": "CERT/CC",
"id": "VU#625878"
},
{
"date": "2005-02-02T00:00:00",
"db": "BID",
"id": "12433"
},
{
"date": "2004-03-04T00:00:00",
"db": "BID",
"id": "9804"
},
{
"date": "2005-04-23T00:00:00",
"db": "BID",
"id": "13435"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000066"
},
{
"date": "2005-02-06T05:17:53",
"db": "PACKETSTORM",
"id": "36038"
},
{
"date": "2006-02-20T20:39:21",
"db": "PACKETSTORM",
"id": "44000"
},
{
"date": "2005-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200502-008"
},
{
"date": "2005-02-07T05:00:00",
"db": "NVD",
"id": "CVE-2005-0175"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-05T00:00:00",
"db": "CERT/CC",
"id": "VU#768702"
},
{
"date": "2007-08-08T00:00:00",
"db": "CERT/CC",
"id": "VU#625878"
},
{
"date": "2007-02-22T02:16:00",
"db": "BID",
"id": "12433"
},
{
"date": "2004-03-04T00:00:00",
"db": "BID",
"id": "9804"
},
{
"date": "2005-04-23T00:00:00",
"db": "BID",
"id": "13435"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000066"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200502-008"
},
{
"date": "2024-11-20T23:54:33.840000",
"db": "NVD",
"id": "CVE-2005-0175"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "12433"
},
{
"db": "BID",
"id": "9804"
},
{
"db": "BID",
"id": "13435"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple devices process HTTP requests inconsistently",
"sources": [
{
"db": "CERT/CC",
"id": "VU#768702"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "12433"
},
{
"db": "BID",
"id": "9804"
},
{
"db": "BID",
"id": "13435"
}
],
"trust": 0.9
}
}
var-201109-0081
Vulnerability from variot
Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression. Squid is a proxy server and web cache server. Squid is flawed in parsing responses from the Gopher server. If the Gopher server returns more than 4096 bytes, it can trigger a buffer overflow. This overflow can cause memory corruption to generally cause Squid to crash. A malicious user must set up a fake Gopher server and forward the request through Squid. Successful exploitation of vulnerabilities allows arbitrary code to be executed in a server context. Squid Proxy is prone remote buffer-overflow vulnerability affects the Gopher-to-HTML functionality. Failed exploit attempts will result in a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debian Security Advisory DSA-2304-1 security@debian.org http://www.debian.org/security/ Nico Golde Sep 11, 2011 http://www.debian.org/security/faq
Package : squid3 Vulnerability : buffer overflow Problem type : remote Debian-specific: no Debian bug : 639755 CVE IDs : CVE-2011-3205
Ben Hawkes discovered that squid3, a full featured Web Proxy cache (HTTP proxy), is vulnerable to a buffer overflow when processing gopher server replies.
For the oldstable distribution (lenny), this problem has been fixed in version 3.0.STABLE8-3+lenny5.
For the stable distribution (squeeze), this problem has been fixed in version 3.1.6-1.2+squeeze1.
For the testing distribution (wheezy), this problem has been fixed in version 3.1.15-1.
For the unstable distribution (sid), this problem has been fixed in version 3.1.15-1.
We recommend that you upgrade your squid3 packages. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: squid security update Advisory ID: RHSA-2011:1293-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1293.html Issue date: 2011-09-14 CVE Names: CVE-2011-3205 =====================================================================
- Summary:
An updated squid package that fixes one security issue is now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
- Description:
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. (CVE-2011-3205)
Users of squid should upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the squid service will be restarted automatically.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Package List:
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/squid-3.1.10-1.el6_1.1.src.rpm
i386: squid-3.1.10-1.el6_1.1.i686.rpm squid-debuginfo-3.1.10-1.el6_1.1.i686.rpm
ppc64: squid-3.1.10-1.el6_1.1.ppc64.rpm squid-debuginfo-3.1.10-1.el6_1.1.ppc64.rpm
s390x: squid-3.1.10-1.el6_1.1.s390x.rpm squid-debuginfo-3.1.10-1.el6_1.1.s390x.rpm
x86_64: squid-3.1.10-1.el6_1.1.x86_64.rpm squid-debuginfo-3.1.10-1.el6_1.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/squid-3.1.10-1.el6_1.1.src.rpm
i386: squid-3.1.10-1.el6_1.1.i686.rpm squid-debuginfo-3.1.10-1.el6_1.1.i686.rpm
x86_64: squid-3.1.10-1.el6_1.1.x86_64.rpm squid-debuginfo-3.1.10-1.el6_1.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3205.html https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFOcPqzXlSAg2UNWIIRAutlAJ9nlG0w3FNBVqFtxSNe10FKir/WkACeNQAA rDOr/svPTfi23jLvkODeYbk= =0hIH -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ----------------------------------------------------------------------
The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242
TITLE: Squid Gopher Response Processing Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA45805
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45805/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45805
RELEASE DATE: 2011-08-30
DISCUSS ADVISORY: http://secunia.com/advisories/45805/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/45805/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=45805
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
The vulnerability is caused due to a boundary error when processing Gopher responses and can be exploited to cause a buffer overflow via an overly long string.
This is related to vulnerability #2 in: SA13825
The vulnerability is reported in versions 3.0.x prior to 3.0.STABLE25 and 3.1.x prior to 3.1.14
SOLUTION: Update to version 3.0.STABLE26 or 3.1.15.
PROVIDED AND/OR DISCOVERED BY: The vendor credits Ben Hawkes, Google Security Team.
ORIGINAL ADVISORY: http://www.squid-cache.org/Advisories/SQUID-2011_3.txt
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. ----------------------------------------------------------------------
The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
For more information: SA45805
SOLUTION: Apply updated packages via the apt-get package manager. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201110-24
http://security.gentoo.org/
Severity: High Title: Squid: Multiple vulnerabilities Date: October 26, 2011 Bugs: #279379, #279380, #301828, #334263, #381065, #386215 ID: 201110-24
Synopsis
Multiple vulnerabilities were found in Squid allowing attackers to execute arbitrary code or cause a Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-proxy/squid < 3.1.15 >= 3.1.15
Description
Multiple vulnerabilities have been discovered in Squid. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All squid users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-proxy/squid-3.1.15"
NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 4, 2011. It is likely that your system is already no longer affected by this issue.
References
[ 1 ] CVE-2009-2621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2621 [ 2 ] CVE-2009-2622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2622 [ 3 ] CVE-2009-2855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2855 [ 4 ] CVE-2010-0308 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0308 [ 5 ] CVE-2010-0639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0639 [ 6 ] CVE-2010-2951 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2951 [ 7 ] CVE-2010-3072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3072 [ 8 ] CVE-2011-3205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3205
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201110-24.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201109-0081",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "squid",
"scope": "eq",
"trust": 1.9,
"vendor": "squid cache",
"version": "3.1.3"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.9,
"vendor": "squid cache",
"version": "3.1.5.1"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.9,
"vendor": "squid cache",
"version": "3.1.6"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.9,
"vendor": "squid cache",
"version": "3.1.4"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.9,
"vendor": "squid cache",
"version": "3.1.0.9"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.9,
"vendor": "squid cache",
"version": "3.1.7"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.9,
"vendor": "squid cache",
"version": "3.1.5"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.6,
"vendor": "squid cache",
"version": "3.0.stable3"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.6,
"vendor": "squid cache",
"version": "3.0.stable2"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.6,
"vendor": "squid cache",
"version": "3.1.0.5"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1.0.11"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1.0.14"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1.0.6"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1.0.2"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1.0.16"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1.2"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1.0.10"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1.1"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1.0.17"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1.0.18"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1.0.1"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1.0.12"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1.0.13"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1.0.3"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1.0.8"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1.0.7"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.1,
"vendor": "squid cache",
"version": "3.1.15"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable5"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable18"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.1.0.15"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.1.8"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.1.11"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.1.13"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.1.12"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable7"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable8"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.1.0.4"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable1"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.2.0.7"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable12"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.2.0.6"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.2.0.2"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable16"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable14"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable23"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.2.0.3"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable15"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.2.0.4"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.1.10"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.2.0.8"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.2.0.5"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable13"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable19"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable20"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.2.0.9"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.1.9"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable6"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable24"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable21"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.1.14"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.2.0.10"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable4"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable9"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable22"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable11"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable25"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.2.0.1"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable10"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable17"
},
{
"model": "squid",
"scope": "eq",
"trust": 0.8,
"vendor": "squid cache",
"version": "3.2.0.11"
},
{
"model": "squid",
"scope": "lt",
"trust": 0.8,
"vendor": "squid cache",
"version": "3.1"
},
{
"model": "squid",
"scope": "lt",
"trust": 0.8,
"vendor": "squid cache",
"version": "3.0"
},
{
"model": "squid",
"scope": "lt",
"trust": 0.8,
"vendor": "squid cache",
"version": "3.2"
},
{
"model": "squid",
"scope": "eq",
"trust": 0.8,
"vendor": "squid cache",
"version": "3.0.stable26"
},
{
"model": "squid",
"scope": "eq",
"trust": 0.6,
"vendor": "squid",
"version": "3.x"
},
{
"model": "web proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "squid",
"version": "3.1.13"
},
{
"model": "3.0.stable25",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "3.0.stable18",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "3.0.stable21",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "web proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "squid",
"version": "3.1.14"
},
{
"model": "3.0.stable8",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "web proxy 3.0.stable26",
"scope": null,
"trust": 0.3,
"vendor": "squid",
"version": null
},
{
"model": "3.0.stable22",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "3.0.stable7",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "3.0.stable13",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "web proxy cache",
"scope": "eq",
"trust": 0.3,
"vendor": "squid",
"version": "3.2.0.10"
},
{
"model": "3.0.stable6",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "3.0.stable23",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "3.0.stable15",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "3.0.stable16 rc1",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "3.0.stable20",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "web proxy cache",
"scope": "ne",
"trust": 0.3,
"vendor": "squid",
"version": "3.2.0.11"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "web proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "squid",
"version": "3.0"
},
{
"model": "3.0.stable5",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "3.0.stable4",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "3.0.stable3",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "3.0.stable12",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "3.0.stable2",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "3.0.stable17",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "web proxy",
"scope": "ne",
"trust": 0.3,
"vendor": "squid",
"version": "3.1.15"
},
{
"model": "3.0.stable1",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "3.0.stable11",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "3.0.stable24",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "web proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "squid",
"version": "3.1"
},
{
"model": "3.0.stable11 rc1",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "3.0.stable9",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "3.0.stable14",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "web proxy cache",
"scope": "eq",
"trust": 0.3,
"vendor": "squid",
"version": "3.2.0.2"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "web proxy cache",
"scope": "eq",
"trust": 0.3,
"vendor": "squid",
"version": "3.2.0.1"
},
{
"model": "3.0.stable19",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "11"
},
{
"model": "3.0.stable10",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "web proxy 3.0.stable25",
"scope": null,
"trust": 0.3,
"vendor": "squid",
"version": null
},
{
"model": "3.0.stable16",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3411"
},
{
"db": "BID",
"id": "49356"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004877"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-051"
},
{
"db": "NVD",
"id": "CVE-2011-3205"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:squid-cache:squid",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-004877"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Secunia",
"sources": [
{
"db": "PACKETSTORM",
"id": "104550"
},
{
"db": "PACKETSTORM",
"id": "104920"
},
{
"db": "PACKETSTORM",
"id": "104911"
},
{
"db": "PACKETSTORM",
"id": "107145"
},
{
"db": "PACKETSTORM",
"id": "105010"
}
],
"trust": 0.5
},
"cve": "CVE-2011-3205",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2011-3205",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-3205",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2011-3205",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201109-051",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-004877"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-051"
},
{
"db": "NVD",
"id": "CVE-2011-3205"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression. Squid is a proxy server and web cache server. Squid is flawed in parsing responses from the Gopher server. If the Gopher server returns more than 4096 bytes, it can trigger a buffer overflow. This overflow can cause memory corruption to generally cause Squid to crash. A malicious user must set up a fake Gopher server and forward the request through Squid. Successful exploitation of vulnerabilities allows arbitrary code to be executed in a server context. Squid Proxy is prone remote buffer-overflow vulnerability affects the Gopher-to-HTML functionality. Failed exploit attempts will result in a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- --------------------------------------------------------------------------\nDebian Security Advisory DSA-2304-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nSep 11, 2011 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : squid3\nVulnerability : buffer overflow\nProblem type : remote\nDebian-specific: no\nDebian bug : 639755\nCVE IDs : CVE-2011-3205\n\nBen Hawkes discovered that squid3, a full featured Web Proxy cache\n(HTTP proxy), is vulnerable to a buffer overflow when processing gopher\nserver replies. \n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 3.0.STABLE8-3+lenny5. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.1.6-1.2+squeeze1. \n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 3.1.15-1. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.1.15-1. \n\nWe recommend that you upgrade your squid3 packages. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: squid security update\nAdvisory ID: RHSA-2011:1293-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2011-1293.html\nIssue date: 2011-09-14\nCVE Names: CVE-2011-3205 \n=====================================================================\n\n1. Summary:\n\nAn updated squid package that fixes one security issue is now available for\nRed Hat Enterprise Linux 6. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\n\n3. Description:\n\nSquid is a high-performance proxy caching server for web clients,\nsupporting FTP, Gopher, and HTTP data objects. \n(CVE-2011-3205)\n\nUsers of squid should upgrade to this updated package, which contains a\nbackported patch to correct this issue. After installing this update, the\nsquid service will be restarted automatically. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Package List:\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/squid-3.1.10-1.el6_1.1.src.rpm\n\ni386:\nsquid-3.1.10-1.el6_1.1.i686.rpm\nsquid-debuginfo-3.1.10-1.el6_1.1.i686.rpm\n\nppc64:\nsquid-3.1.10-1.el6_1.1.ppc64.rpm\nsquid-debuginfo-3.1.10-1.el6_1.1.ppc64.rpm\n\ns390x:\nsquid-3.1.10-1.el6_1.1.s390x.rpm\nsquid-debuginfo-3.1.10-1.el6_1.1.s390x.rpm\n\nx86_64:\nsquid-3.1.10-1.el6_1.1.x86_64.rpm\nsquid-debuginfo-3.1.10-1.el6_1.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/squid-3.1.10-1.el6_1.1.src.rpm\n\ni386:\nsquid-3.1.10-1.el6_1.1.i686.rpm\nsquid-debuginfo-3.1.10-1.el6_1.1.i686.rpm\n\nx86_64:\nsquid-3.1.10-1.el6_1.1.x86_64.rpm\nsquid-debuginfo-3.1.10-1.el6_1.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3205.html\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2011 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFOcPqzXlSAg2UNWIIRAutlAJ9nlG0w3FNBVqFtxSNe10FKir/WkACeNQAA\nrDOr/svPTfi23jLvkODeYbk=\n=0hIH\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ----------------------------------------------------------------------\n\nThe Secunia CSI 5.0 Beta - now available for testing\nFind out more, take a free test drive, and share your opinion with us: \nhttp://secunia.com/blog/242 \n\n----------------------------------------------------------------------\n\nTITLE:\nSquid Gopher Response Processing Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA45805\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/45805/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45805\n\nRELEASE DATE:\n2011-08-30\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/45805/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/45805/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45805\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Squid, which can be exploited by\nmalicious people to cause a DoS (Denial of Service) or potentially\ncompromise a vulnerable system. \n\nThe vulnerability is caused due to a boundary error when processing\nGopher responses and can be exploited to cause a buffer overflow via\nan overly long string. \n\nThis is related to vulnerability #2 in:\nSA13825\n\nThe vulnerability is reported in versions 3.0.x prior to 3.0.STABLE25\nand 3.1.x prior to 3.1.14\n\nSOLUTION:\nUpdate to version 3.0.STABLE26 or 3.1.15. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Ben Hawkes, Google Security Team. \n\nORIGINAL ADVISORY:\nhttp://www.squid-cache.org/Advisories/SQUID-2011_3.txt\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. ----------------------------------------------------------------------\n\nThe new Secunia Corporate Software Inspector (CSI) 5.0 \nIntegrates with Microsoft WSUS \u0026 SCCM and supports Apple Mac OS X. This fixes a vulnerability,\nwhich can be exploited by malicious people to cause a DoS (Denial of\nService) or potentially compromise a vulnerable system. \n\nFor more information:\nSA45805\n\nSOLUTION:\nApply updated packages via the apt-get package manager. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201110-24\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Squid: Multiple vulnerabilities\n Date: October 26, 2011\n Bugs: #279379, #279380, #301828, #334263, #381065, #386215\n ID: 201110-24\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities were found in Squid allowing attackers to\nexecute arbitrary code or cause a Denial of Service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-proxy/squid \u003c 3.1.15 \u003e= 3.1.15\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Squid. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll squid users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-proxy/squid-3.1.15\"\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are\navailable since September 4, 2011. It is likely that your system is\nalready no longer affected by this issue. \n\nReferences\n==========\n\n[ 1 ] CVE-2009-2621\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2621\n[ 2 ] CVE-2009-2622\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2622\n[ 3 ] CVE-2009-2855\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2855\n[ 4 ] CVE-2010-0308\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0308\n[ 5 ] CVE-2010-0639\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0639\n[ 6 ] CVE-2010-2951\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2951\n[ 7 ] CVE-2010-3072\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3072\n[ 8 ] CVE-2011-3205\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3205\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201110-24.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3205"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004877"
},
{
"db": "CNVD",
"id": "CNVD-2011-3411"
},
{
"db": "BID",
"id": "49356"
},
{
"db": "PACKETSTORM",
"id": "105002"
},
{
"db": "PACKETSTORM",
"id": "105119"
},
{
"db": "PACKETSTORM",
"id": "104550"
},
{
"db": "PACKETSTORM",
"id": "104920"
},
{
"db": "PACKETSTORM",
"id": "104911"
},
{
"db": "PACKETSTORM",
"id": "107145"
},
{
"db": "PACKETSTORM",
"id": "105010"
},
{
"db": "PACKETSTORM",
"id": "106273"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-3205",
"trust": 3.0
},
{
"db": "BID",
"id": "49356",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "45805",
"trust": 2.3
},
{
"db": "SECUNIA",
"id": "45920",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "45906",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "46029",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "45965",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1025981",
"trust": 1.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2011/08/29/2",
"trust": 1.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2011/08/30/8",
"trust": 1.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2011/08/30/4",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "74847",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004877",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-3411",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201108-512",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201109-051",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "105002",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "105119",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "104550",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "104920",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "104911",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "107145",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "105010",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "106273",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3411"
},
{
"db": "BID",
"id": "49356"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004877"
},
{
"db": "PACKETSTORM",
"id": "105002"
},
{
"db": "PACKETSTORM",
"id": "105119"
},
{
"db": "PACKETSTORM",
"id": "104550"
},
{
"db": "PACKETSTORM",
"id": "104920"
},
{
"db": "PACKETSTORM",
"id": "104911"
},
{
"db": "PACKETSTORM",
"id": "107145"
},
{
"db": "PACKETSTORM",
"id": "105010"
},
{
"db": "PACKETSTORM",
"id": "106273"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-512"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-051"
},
{
"db": "NVD",
"id": "CVE-2011-3205"
}
]
},
"id": "VAR-201109-0081",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3411"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3411"
}
]
},
"last_update_date": "2024-11-28T22:38:58.180000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Buffer Overflow vulnerability in Squid",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2011_3205_buffer_overflow"
},
{
"title": "SQUID-2011:3",
"trust": 0.8,
"url": "http://www.squid-cache.org/Advisories/SQUID-2011_3.txt"
},
{
"title": "Squid Gopher Answers Patch for Handling Buffer Overflow Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/4943"
},
{
"title": "Squid Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=234527"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3411"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004877"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-051"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-DesignError",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-004877"
},
{
"db": "NVD",
"id": "CVE-2011-3205"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/49356"
},
{
"trust": 2.0,
"url": "http://www.squid-cache.org/advisories/squid-2011_3.txt"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-september/065534.html"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2011/dsa-2304"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/46029"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"trust": 1.6,
"url": "http://openwall.com/lists/oss-security/2011/08/30/8"
},
{
"trust": 1.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=734583"
},
{
"trust": 1.6,
"url": "http://www.squid-cache.org/versions/v3/3.0/changesets/squid-3.0-9193.patch"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/45920"
},
{
"trust": 1.6,
"url": "http://www.squid-cache.org/versions/v3/3.2/changesets/squid-3.2-11294.patch"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2011:150"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/45965"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/45805"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/45906"
},
{
"trust": 1.6,
"url": "http://openwall.com/lists/oss-security/2011/08/30/4"
},
{
"trust": 1.6,
"url": "http://www.squid-cache.org/versions/v2/2.head/changesets/12710.patch"
},
{
"trust": 1.6,
"url": "http://www.squid-cache.org/versions/v3/3.1/changesets/squid-3.1-10363.patch"
},
{
"trust": 1.6,
"url": "http://openwall.com/lists/oss-security/2011/08/29/2"
},
{
"trust": 1.6,
"url": "http://securitytracker.com/id?1025981"
},
{
"trust": 1.6,
"url": "http://www.redhat.com/support/errata/rhsa-2011-1293.html"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/74847"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3205"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3205"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/45805/http"
},
{
"trust": 0.5,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.5,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.5,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.5,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.5,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.5,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.3,
"url": "http://blogs.oracle.com/sunsecurity/entry/cve_2011_3205_buffer_overflow"
},
{
"trust": 0.3,
"url": "http://www.squid-cache.org/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3205"
},
{
"trust": 0.3,
"url": "http://secunia.com/blog/242"
},
{
"trust": 0.2,
"url": "https://rhn.redhat.com/errata/rhsa-2011-1293.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3205.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/kb/docs/doc-11259"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.1,
"url": "http://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/45805/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/45805/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45805"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/45920/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/45920/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45920"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45906"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/45906/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/45906/"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/jobs/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/46029/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/46029/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46029"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/trial/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/45965/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45965"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/45965/#comments"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0308"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2951"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0308"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0639"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2951"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3072"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2855"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201110-24.xml"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2621"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2855"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2622"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0639"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2622"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3072"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3411"
},
{
"db": "BID",
"id": "49356"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004877"
},
{
"db": "PACKETSTORM",
"id": "105002"
},
{
"db": "PACKETSTORM",
"id": "105119"
},
{
"db": "PACKETSTORM",
"id": "104550"
},
{
"db": "PACKETSTORM",
"id": "104920"
},
{
"db": "PACKETSTORM",
"id": "104911"
},
{
"db": "PACKETSTORM",
"id": "107145"
},
{
"db": "PACKETSTORM",
"id": "105010"
},
{
"db": "PACKETSTORM",
"id": "106273"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-512"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-051"
},
{
"db": "NVD",
"id": "CVE-2011-3205"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2011-3411"
},
{
"db": "BID",
"id": "49356"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004877"
},
{
"db": "PACKETSTORM",
"id": "105002"
},
{
"db": "PACKETSTORM",
"id": "105119"
},
{
"db": "PACKETSTORM",
"id": "104550"
},
{
"db": "PACKETSTORM",
"id": "104920"
},
{
"db": "PACKETSTORM",
"id": "104911"
},
{
"db": "PACKETSTORM",
"id": "107145"
},
{
"db": "PACKETSTORM",
"id": "105010"
},
{
"db": "PACKETSTORM",
"id": "106273"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-512"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-051"
},
{
"db": "NVD",
"id": "CVE-2011-3205"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-08-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3411"
},
{
"date": "2011-08-29T00:00:00",
"db": "BID",
"id": "49356"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-004877"
},
{
"date": "2011-09-12T14:44:49",
"db": "PACKETSTORM",
"id": "105002"
},
{
"date": "2011-09-14T22:52:18",
"db": "PACKETSTORM",
"id": "105119"
},
{
"date": "2011-08-29T05:10:22",
"db": "PACKETSTORM",
"id": "104550"
},
{
"date": "2011-09-08T08:14:56",
"db": "PACKETSTORM",
"id": "104920"
},
{
"date": "2011-09-08T08:14:29",
"db": "PACKETSTORM",
"id": "104911"
},
{
"date": "2011-11-19T11:11:14",
"db": "PACKETSTORM",
"id": "107145"
},
{
"date": "2011-09-13T05:45:01",
"db": "PACKETSTORM",
"id": "105010"
},
{
"date": "2011-10-26T23:33:14",
"db": "PACKETSTORM",
"id": "106273"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201108-512"
},
{
"date": "2011-09-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-051"
},
{
"date": "2011-09-06T15:55:08.383000",
"db": "NVD",
"id": "CVE-2011-3205"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-08-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3411"
},
{
"date": "2015-05-07T17:11:00",
"db": "BID",
"id": "49356"
},
{
"date": "2012-04-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-004877"
},
{
"date": "2011-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201108-512"
},
{
"date": "2023-04-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-051"
},
{
"date": "2024-11-21T01:29:58.557000",
"db": "NVD",
"id": "CVE-2011-3205"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "105119"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-512"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-051"
}
],
"trust": 1.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gopher of gopherToHTML Buffer overflow vulnerability in functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-004877"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201108-512"
}
],
"trust": 0.6
}
}
var-201008-0392
Vulnerability from variot
Squid is a powerful proxy server and web cache server. There is a logic error when receiving a very long DNS response. If a very long DNS response is returned to a Squid server that does not have an IPv6 resolver configured, an assertion error can be triggered, causing the service to crash. ----------------------------------------------------------------------
List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22
The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected.
TITLE: Squid Long DNS Replies Denial of Service Vulnerability
SECUNIA ADVISORY ID: SA41090
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41090/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41090
RELEASE DATE: 2010-08-28
DISCUSS ADVISORY: http://secunia.com/advisories/41090/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/41090/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41090
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is reported in version 3.1.5.1 and 3.1.6. Prior versions may also be affected.
SOLUTION: Update to version 3.1.7.
Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
PROVIDED AND/OR DISCOVERED BY: Stephen Thorne
ORIGINAL ADVISORY: Squid 3.1.7 Announcement: http://marc.info/?l=squid-users&m=128263555724981&w=2
Squid Bug #3021: http://bugs.squid-cache.org/show_bug.cgi?id=3021
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201008-0392",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "squid",
"scope": "eq",
"trust": 0.6,
"vendor": "squid",
"version": "3.1.6"
},
{
"model": "squid",
"scope": "eq",
"trust": 0.6,
"vendor": "squid",
"version": "3.1.5.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1693"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Secunia",
"sources": [
{
"db": "PACKETSTORM",
"id": "93260"
}
],
"trust": 0.1
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Squid is a powerful proxy server and web cache server. There is a logic error when receiving a very long DNS response. If a very long DNS response is returned to a Squid server that does not have an IPv6 resolver configured, an assertion error can be triggered, causing the service to crash. ----------------------------------------------------------------------\n\n\nList of products vulnerable to insecure library loading vulnerabilities:\nhttp://secunia.com/_%22insecure%20library%20loading%22\n\nThe list is continuously updated as we confirm the vulnerability reports\nso check back regularly too see if any of your apps are affected. \n\n\n----------------------------------------------------------------------\n\nTITLE:\nSquid Long DNS Replies Denial of Service Vulnerability\n\nSECUNIA ADVISORY ID:\nSA41090\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/41090/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41090\n\nRELEASE DATE:\n2010-08-28\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/41090/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/41090/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41090\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Squid, which can be exploited by\nmalicious people to cause a DoS (Denial of Service). \n\nThe vulnerability is reported in version 3.1.5.1 and 3.1.6. Prior\nversions may also be affected. \n\nSOLUTION:\nUpdate to version 3.1.7. \n\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nPROVIDED AND/OR DISCOVERED BY:\nStephen Thorne\n\nORIGINAL ADVISORY:\nSquid 3.1.7 Announcement:\nhttp://marc.info/?l=squid-users\u0026m=128263555724981\u0026w=2\n\nSquid Bug #3021:\nhttp://bugs.squid-cache.org/show_bug.cgi?id=3021\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1693"
},
{
"db": "PACKETSTORM",
"id": "93260"
}
],
"trust": 0.63
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "41090",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2010-1693",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "93260",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1693"
},
{
"db": "PACKETSTORM",
"id": "93260"
}
]
},
"id": "VAR-201008-0392",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1693"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1693"
}
]
},
"last_update_date": "2022-05-17T01:51:49.011000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Squid\u0027s long DNS reply denial of service patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/881"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1693"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.7,
"url": "http://secunia.com/advisories/41090/"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=squid-users\u0026m=128263555724981\u0026w=2"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41090"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/_%22insecure%20library%20loading%22"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/41090/#comments"
},
{
"trust": 0.1,
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=3021"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1693"
},
{
"db": "PACKETSTORM",
"id": "93260"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-1693"
},
{
"db": "PACKETSTORM",
"id": "93260"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-08-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1693"
},
{
"date": "2010-08-30T09:52:39",
"db": "PACKETSTORM",
"id": "93260"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-08-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1693"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Squid Long DNS Reply Denial of Service Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1693"
}
],
"trust": 0.6
}
}
var-200505-0836
Vulnerability from variot
Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected. Gibraltar is susceptible to an antivirus scan evasion vulnerability. This issue presents itself because of an oversight in the design of the firewall product, due to a change of features of the ClamAV antivirus scanning engine. This vulnerability allows malicious content to pass undetected by an affected firewall acting as an HTTP proxy, leading to a false sense of security
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200505-0836",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "squid",
"scope": "eq",
"trust": 1.6,
"vendor": "squid",
"version": "2.6.stable1"
},
{
"model": "firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "gibraltar",
"version": "2.2"
},
{
"model": "clamav",
"scope": "eq",
"trust": 1.0,
"vendor": "clam anti virus",
"version": "0.90.2"
},
{
"model": "firewall a",
"scope": "ne",
"trust": 0.3,
"vendor": "gibraltar",
"version": "2.2"
}
],
"sources": [
{
"db": "BID",
"id": "13713"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1157"
},
{
"db": "NVD",
"id": "CVE-2005-1711"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gibraltar",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-1157"
}
],
"trust": 0.6
},
"cve": "CVE-2005-1711",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2005-1711",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-12920",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2005-1711",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200505-1157",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-12920",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12920"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1157"
},
{
"db": "NVD",
"id": "CVE-2005-1711"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected. Gibraltar is susceptible to an antivirus scan evasion vulnerability. This issue presents itself because of an oversight in the design of the firewall product, due to a change of features of the ClamAV antivirus scanning engine. \nThis vulnerability allows malicious content to pass undetected by an affected firewall acting as an HTTP proxy, leading to a false sense of security",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1711"
},
{
"db": "BID",
"id": "13713"
},
{
"db": "VULHUB",
"id": "VHN-12920"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-1711",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1014030",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1157",
"trust": 0.7
},
{
"db": "BID",
"id": "13713",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-12920",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12920"
},
{
"db": "BID",
"id": "13713"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1157"
},
{
"db": "NVD",
"id": "CVE-2005-1711"
}
]
},
"id": "VAR-200505-0836",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-12920"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:28:44.705000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1711"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1014030"
},
{
"trust": 0.3,
"url": "http://gibraltar.at/changes.php?onlylastversion=1\u0026htmloutput=1\u0026to=2.2a"
},
{
"trust": 0.3,
"url": "http://gibraltar.at/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12920"
},
{
"db": "BID",
"id": "13713"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1157"
},
{
"db": "NVD",
"id": "CVE-2005-1711"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-12920"
},
{
"db": "BID",
"id": "13713"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1157"
},
{
"db": "NVD",
"id": "CVE-2005-1711"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-05-24T00:00:00",
"db": "VULHUB",
"id": "VHN-12920"
},
{
"date": "2005-05-23T00:00:00",
"db": "BID",
"id": "13713"
},
{
"date": "2005-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-1157"
},
{
"date": "2005-05-24T04:00:00",
"db": "NVD",
"id": "CVE-2005-1711"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-12920"
},
{
"date": "2009-07-12T14:56:00",
"db": "BID",
"id": "13713"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-1157"
},
{
"date": "2024-11-20T23:57:57.470000",
"db": "NVD",
"id": "CVE-2005-1711"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-1157"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gibraltar Firewall Antivirus Scan Avoidance Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-1157"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "13713"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1157"
}
],
"trust": 0.9
}
}
Vulnerability from fkie_nvd
Published
2005-10-20 10:02
Modified
2024-11-21 00:01
Severity ?
Summary
The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain "odd" responses.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.0.patch1 | |
| squid | squid | 2.0.patch2 | |
| squid | squid | 2.0.pre1 | |
| squid | squid | 2.0.release | |
| squid | squid | 2.1.patch1 | |
| squid | squid | 2.1.patch2 | |
| squid | squid | 2.1.pre1 | |
| squid | squid | 2.1.pre3 | |
| squid | squid | 2.1.pre4 | |
| squid | squid | 2.1.release | |
| squid | squid | 2.2.devel3 | |
| squid | squid | 2.2.devel4 | |
| squid | squid | 2.2.pre1 | |
| squid | squid | 2.2.pre2 | |
| squid | squid | 2.2.stable1 | |
| squid | squid | 2.2.stable2 | |
| squid | squid | 2.2.stable3 | |
| squid | squid | 2.2.stable4 | |
| squid | squid | 2.2.stable5 | |
| squid | squid | 2.3.devel2 | |
| squid | squid | 2.3.devel3 | |
| squid | squid | 2.3.stable1 | |
| squid | squid | 2.3.stable2 | |
| squid | squid | 2.3.stable3 | |
| squid | squid | 2.3.stable4 | |
| squid | squid | 2.3.stable5 | |
| squid | squid | 2.4 | |
| squid | squid | 2.4.stable1 | |
| squid | squid | 2.4.stable2 | |
| squid | squid | 2.4.stable3 | |
| squid | squid | 2.4.stable4 | |
| squid | squid | 2.4.stable6 | |
| squid | squid | 2.4.stable7 | |
| squid | squid | 2.5.6 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 | |
| squid | squid | 2.5.stable7 | |
| squid | squid | 2.5.stable8 | |
| squid | squid | 2.5.stable9 | |
| squid | squid | 2.5.stable10 | |
| squid | squid | 2.5.stable11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B0771FC-F8FB-4065-B6E1-EA21ECE77AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B81A56D-3F2E-455B-A960-69728437B31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA7799D4-7B04-463B-BA19-AE36CD9DD694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.release:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8093EE-AA6A-4E2C-A891-163A42EA89EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "3655286B-D44A-4DCB-8DF4-D45A36398933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAFDCE5E-6D74-4E13-B830-E412C33EF337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "E71F3AC2-E633-41D2-B49B-A92E5FB974F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "87284115-14F4-4FB6-A8D9-7C7A3B5151E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB618BD-9C6D-458D-A521-FE436C428A90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.release:*:*:*:*:*:*:*",
"matchCriteriaId": "C8717751-A250-49F6-97E9-C14C8A44E550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "D360F838-C65C-4E76-B460-ADE1AB7657C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel4:*:*:*:*:*:*:*",
"matchCriteriaId": "67618D3A-9C74-4701-B42F-385E0221D75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "C501D54D-5294-4BFD-9858-BE70C411B928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "19CB5358-7833-4D1E-8F22-CB2714E36F3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2265D309-4E50-45A3-A884-9F1FA361D453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "45663027-1EFD-415A-8AB3-BCE544F4AD9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "A38EAAEE-BAB5-42EC-B171-93D9E32AC6AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9E1D6A-2C46-4062-87B2-726FCC5967B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "38D24DCC-6C2A-466A-B59F-3D07F62175D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC7B751-34D9-4BBB-8608-97823E5F5F93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "DADF48B4-C9DA-41B7-9124-882ADF625F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "446879FE-02A7-4576-A726-6E7C918C4E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F495D6-7734-411D-B527-14C74A345E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5EFA76EB-C5A5-4652-8EF1-66E2B061BE3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB6D7E3-697C-4AA9-9925-371AB99CA395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2DD635-BB74-4311-9E62-0DFAEB8DC121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E006EBC-5624-4AEE-85A8-10E33FCB20A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8DC1BE-EA6C-41B8-9D50-AACE2F2BA424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "155CB225-3F1B-4841-90F7-49C4CF90B1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "21905542-2429-4695-B253-AEC648B0BB9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "317FED1B-9C39-40E5-980D-C5ED808D8FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "48242DB9-5EB2-4C95-A944-C52B798A32A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF792263-D6ED-4AD1-98C1-0E22670EF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3969B3-02F1-480A-8E72-CC50CD14B573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD64CE0-686A-44F2-B537-6D41E47A8BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable10:*:*:*:*:*:*:*",
"matchCriteriaId": "4233D036-BBD8-48AA-AD1C-403AF262B192",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable11:*:*:*:*:*:*:*",
"matchCriteriaId": "D7E0E93D-2499-4600-BE99-C6CDE99374DD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain \"odd\" responses."
}
],
"id": "CVE-2005-3258",
"lastModified": "2024-11-21T00:01:28.083",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-10-20T10:02:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17271"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17287"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17338"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17407"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17513"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17626"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17645"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1015085"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE11-rfc1738_do_escape"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2005/2151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17513"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17645"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE11-rfc1738_do_escape"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2151"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vendorComments": [
{
"comment": "Not vulnerable. These issues do not affect the versions of Squid as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.\n",
"lastModified": "2006-08-30T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-01-16 18:28
Modified
2024-11-21 00:25
Severity ?
Summary
The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD0D706-FDE4-43EB-9769-B2922BBDCDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop."
},
{
"lang": "es",
"value": "La funci\u00f3n aclMatchExternal en Squid anterior a 2.6.STABLE7 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) provocando una sobrecarga de la cola external_acl, lo cual provoca un bucle infinito."
}
],
"id": "CVE-2007-0248",
"lastModified": "2024-11-21T00:25:20.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-01-16T18:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23767"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23805"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23889"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23921"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23946"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:026"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_12_squid.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22203"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1848"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-414-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0199"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23889"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23921"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23946"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_12_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22203"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1848"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-414-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31525"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.\n\nThis issue did not affect the versions of Squid as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.",
"lastModified": "2007-07-26T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opera_software | opera | 6.0.3 | |
| squid | squid | 2.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opera_software:opera:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E4BDFF-55FC-4D2A-87BE-6B6B2320CA18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash)."
}
],
"id": "CVE-2002-2414",
"lastModified": "2024-11-20T23:43:37.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2002-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=full-disclosure\u0026m=103783186608438\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/10673.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/6218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=full-disclosure\u0026m=103783186608438\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/10673.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/6218"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-03-15 05:00
Modified
2024-11-20 23:47
Severity ?
Summary
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0AA7680-E004-44AC-9AE9-C0186459C4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "05A4829D-4DC1-4CD2-B136-48719A254EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC6CCDC-237A-408E-9CAF-D41EC3A9D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "885123F3-346F-451E-B72A-D0405F0B72E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8096AB-99B9-4D08-AA13-6AFF0DD65BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "A356D04A-7882-4A14-AD5F-2079EA0E79C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The \"%xx\" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL (\"%00\") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists."
},
{
"lang": "es",
"value": "La funci\u00f3n de decodificaci\u00f3n de URL \"%xx\" en Squid 2.5STABLE4 y anteriores permite a atacantes remotos saltarse las listas de control de acceso (ACL) url_regex mediante una URL con un car\u00e1cter nulo (\"%00\"), lo que hace que Squid use s\u00f3lo un parte de la URL solicitada para compararla con la lista de control de acceso."
}
],
"id": "CVE-2004-0189",
"lastModified": "2024-11-20T23:47:57.930",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-03-15T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"
},
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000838"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108084935904110\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200403-11.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2004/dsa-474"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5916"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2004-133.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2004-134.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9778"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2004_1.txt"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15366"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A877"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108084935904110\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200403-11.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2004/dsa-474"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2004-133.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2004-134.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2004_1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A941"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-03-08 05:00
Modified
2024-11-20 23:55
Severity ?
Summary
Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies."
}
],
"id": "CVE-2005-0626",
"lastModified": "2024-11-20T23:55:33.317",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-03-08T05:00:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/12716"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-setcookie"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19581"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11169"
},
{
"source": "secalert@redhat.com",
"url": "https://usn.ubuntu.com/93-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12716"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-setcookie"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11169"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/93-1/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-24 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.90.2 | |
| gibraltar | gibraltar_firewall | 2.2 | |
| squid | squid | 2.6.stable1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A85C689-95E0-41F7-83D9-5A8B0AB42390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gibraltar:gibraltar_firewall:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "79DA242C-9328-484D-A8E8-D185DE475B20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "24D590FB-2759-475E-8136-1B15352605EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected."
}
],
"id": "CVE-2005-1711",
"lastModified": "2024-11-20T23:57:57.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-24T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1014030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1014030"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-04-14 04:00
Modified
2024-11-20 23:55
Severity ?
Summary
Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.0.patch1 | |
| squid | squid | 2.0.patch2 | |
| squid | squid | 2.0.pre1 | |
| squid | squid | 2.0.release | |
| squid | squid | 2.0_patch2 | |
| squid | squid | 2.1.patch1 | |
| squid | squid | 2.1.patch2 | |
| squid | squid | 2.1.pre1 | |
| squid | squid | 2.1.pre3 | |
| squid | squid | 2.1.pre4 | |
| squid | squid | 2.1.release | |
| squid | squid | 2.1_patch2 | |
| squid | squid | 2.2.devel3 | |
| squid | squid | 2.2.devel4 | |
| squid | squid | 2.2.pre1 | |
| squid | squid | 2.2.pre2 | |
| squid | squid | 2.2.stable1 | |
| squid | squid | 2.2.stable2 | |
| squid | squid | 2.2.stable3 | |
| squid | squid | 2.2.stable4 | |
| squid | squid | 2.2.stable5 | |
| squid | squid | 2.3.devel2 | |
| squid | squid | 2.3.devel3 | |
| squid | squid | 2.3.stable1 | |
| squid | squid | 2.3.stable2 | |
| squid | squid | 2.3.stable3 | |
| squid | squid | 2.3.stable4 | |
| squid | squid | 2.3.stable5 | |
| squid | squid | 2.3_.stable4 | |
| squid | squid | 2.3_.stable5 | |
| squid | squid | 2.3_stable5 | |
| squid | squid | 2.4 | |
| squid | squid | 2.4.stable1 | |
| squid | squid | 2.4.stable2 | |
| squid | squid | 2.4.stable3 | |
| squid | squid | 2.4.stable4 | |
| squid | squid | 2.4.stable6 | |
| squid | squid | 2.4.stable7 | |
| squid | squid | 2.4_.stable2 | |
| squid | squid | 2.4_.stable6 | |
| squid | squid | 2.4_.stable7 | |
| squid | squid | 2.4_stable7 | |
| squid | squid | 2.5.6 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 | |
| squid | squid | 2.5.stable7 | |
| squid | squid | 2.5_.stable1 | |
| squid | squid | 2.5_.stable3 | |
| squid | squid | 2.5_.stable4 | |
| squid | squid | 2.5_.stable5 | |
| squid | squid | 2.5_.stable6 | |
| squid | squid | 2.5_stable3 | |
| squid | squid | 2.5_stable4 | |
| squid | squid | 2.5_stable9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B0771FC-F8FB-4065-B6E1-EA21ECE77AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B81A56D-3F2E-455B-A960-69728437B31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA7799D4-7B04-463B-BA19-AE36CD9DD694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.release:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8093EE-AA6A-4E2C-A891-163A42EA89EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0AA7680-E004-44AC-9AE9-C0186459C4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "3655286B-D44A-4DCB-8DF4-D45A36398933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAFDCE5E-6D74-4E13-B830-E412C33EF337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "E71F3AC2-E633-41D2-B49B-A92E5FB974F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "87284115-14F4-4FB6-A8D9-7C7A3B5151E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB618BD-9C6D-458D-A521-FE436C428A90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.release:*:*:*:*:*:*:*",
"matchCriteriaId": "C8717751-A250-49F6-97E9-C14C8A44E550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "05A4829D-4DC1-4CD2-B136-48719A254EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "D360F838-C65C-4E76-B460-ADE1AB7657C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel4:*:*:*:*:*:*:*",
"matchCriteriaId": "67618D3A-9C74-4701-B42F-385E0221D75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "C501D54D-5294-4BFD-9858-BE70C411B928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "19CB5358-7833-4D1E-8F22-CB2714E36F3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2265D309-4E50-45A3-A884-9F1FA361D453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "45663027-1EFD-415A-8AB3-BCE544F4AD9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "A38EAAEE-BAB5-42EC-B171-93D9E32AC6AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9E1D6A-2C46-4062-87B2-726FCC5967B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "38D24DCC-6C2A-466A-B59F-3D07F62175D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC7B751-34D9-4BBB-8608-97823E5F5F93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "DADF48B4-C9DA-41B7-9124-882ADF625F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "446879FE-02A7-4576-A726-6E7C918C4E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F495D6-7734-411D-B527-14C74A345E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5EFA76EB-C5A5-4652-8EF1-66E2B061BE3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB6D7E3-697C-4AA9-9925-371AB99CA395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2DD635-BB74-4311-9E62-0DFAEB8DC121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6BFB6A-0AFC-4E52-AD48-252E741B683B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9797A37-FD26-4527-B2FA-E458F7A88D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC6CCDC-237A-408E-9CAF-D41EC3A9D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E006EBC-5624-4AEE-85A8-10E33FCB20A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8DC1BE-EA6C-41B8-9D50-AACE2F2BA424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "155CB225-3F1B-4841-90F7-49C4CF90B1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "21905542-2429-4695-B253-AEC648B0BB9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "317FED1B-9C39-40E5-980D-C5ED808D8FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "48242DB9-5EB2-4C95-A944-C52B798A32A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F697BB-5C94-42CD-AD9E-72C3D3675D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "CE764CDC-1018-4502-8F41-8A48E38E7AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CBAAC5B-6012-410F-B765-689A8D55B095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "885123F3-346F-451E-B72A-D0405F0B72E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF792263-D6ED-4AD1-98C1-0E22670EF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "62C66D46-D3C7-4FCC-B80D-EBA542E77C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B6C02F-D194-4CA7-9DEC-A436A4E8C99C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7D86CB-EEAD-4C40-855D-E98E4ED8B58F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F59C3E7-0AC0-4886-B4B4-56904AC93C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "5207FB50-946A-4AB2-AED9-9BA78B88F1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8096AB-99B9-4D08-AA13-6AFF0DD65BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "A356D04A-7882-4A14-AD5F-2079EA0E79C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4C4F43-0807-400C-890B-D13BF5B9BF72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory."
}
],
"id": "CVE-2005-0718",
"lastModified": "2024-11-20T23:55:45.737",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-04-14T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/12508"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2005-489.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/13166"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1224"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19919"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11562"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/111-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/12508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-489.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/13166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19919"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/111-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-11 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01315F91-D843-49EC-81B2-0FDDD95E0789",
"versionEndIncluding": "2.5_stable9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups."
}
],
"id": "CVE-2005-1519",
"lastModified": "2024-11-20T23:57:32.117",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-11T04:00:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/15294"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2005/dsa-751"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2005-489.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/13592"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2005/0521"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/15294"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-489.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/13592"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/0521"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9976"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-11-03 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53ED784B-1BF3-4A13-B5BF-AFE7741B8002",
"versionEndIncluding": "2.5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy."
},
{
"lang": "es",
"value": "Las funciones ntlm_fetch_string y ntlm_get_string en Squid 2.5.6 y anteriores, con autenticaci\u00f3n NTLM activada, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) mediante un paquete NTLMSSP que hace que se pase un valor negativo a memcpy."
}
],
"id": "CVE-2004-0832",
"lastModified": "2024-11-20T23:49:31.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-11-03T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-04.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:093"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11098"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1045"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2004/0047/"
},
{
"source": "cve@mitre.org",
"url": "http://www1.uk.squid-cache.org/squid/Versions/v2/2.5/bugs/#squid-2.5.STABLE6-ntlm_fetch_string"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17218"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-04.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:093"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2004/0047/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www1.uk.squid-cache.org/squid/Versions/v2/2.5/bugs/#squid-2.5.STABLE6-ntlm_fetch_string"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10489"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-01-11 05:00
Modified
2024-11-20 23:54
Severity ?
Summary
The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.0_patch2 | |
| squid | squid | 2.1_patch2 | |
| squid | squid | 2.3_.stable4 | |
| squid | squid | 2.3_.stable5 | |
| squid | squid | 2.3_stable5 | |
| squid | squid | 2.4 | |
| squid | squid | 2.4_.stable2 | |
| squid | squid | 2.4_.stable6 | |
| squid | squid | 2.4_.stable7 | |
| squid | squid | 2.4_stable7 | |
| squid | squid | 2.5.6 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 | |
| squid | squid | 2.5.stable7 | |
| squid | squid | 2.5_.stable1 | |
| squid | squid | 2.5_.stable3 | |
| squid | squid | 2.5_.stable4 | |
| squid | squid | 2.5_.stable5 | |
| squid | squid | 2.5_.stable6 | |
| squid | squid | 2.5_stable3 | |
| squid | squid | 2.5_stable4 | |
| squid | squid | 2.5_stable9 | |
| squid | squid | 2.6.stable1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0AA7680-E004-44AC-9AE9-C0186459C4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "05A4829D-4DC1-4CD2-B136-48719A254EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6BFB6A-0AFC-4E52-AD48-252E741B683B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9797A37-FD26-4527-B2FA-E458F7A88D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC6CCDC-237A-408E-9CAF-D41EC3A9D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F697BB-5C94-42CD-AD9E-72C3D3675D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "CE764CDC-1018-4502-8F41-8A48E38E7AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CBAAC5B-6012-410F-B765-689A8D55B095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "885123F3-346F-451E-B72A-D0405F0B72E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF792263-D6ED-4AD1-98C1-0E22670EF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "62C66D46-D3C7-4FCC-B80D-EBA542E77C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B6C02F-D194-4CA7-9DEC-A436A4E8C99C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7D86CB-EEAD-4C40-855D-E98E4ED8B58F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F59C3E7-0AC0-4886-B4B4-56904AC93C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "5207FB50-946A-4AB2-AED9-9BA78B88F1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8096AB-99B9-4D08-AA13-6AFF0DD65BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "A356D04A-7882-4A14-AD5F-2079EA0E79C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4C4F43-0807-400C-890B-D13BF5B9BF72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "24D590FB-2759-475E-8136-1B15352605EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference."
}
],
"id": "CVE-2005-0097",
"lastModified": "2024-11-20T23:54:24.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-11T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13789"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1012818"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/12220"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11646"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1012818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11646"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-01-16 18:28
Modified
2024-11-21 00:25
Severity ?
Summary
squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "24D590FB-2759-475E-8136-1B15352605EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "2988AF48-979A-4CBC-90D9-83B364719E1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "A212F82C-E64A-456F-BD37-58D6D10CF62A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "2B3A370A-815C-49F9-8BDF-C87C615D160A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "96EC5316-A83B-4EB5-BCF9-C3800D82F1DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD0D706-FDE4-43EB-9769-B2922BBDCDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions."
},
{
"lang": "es",
"value": "El archivo squid/src/ftp.c en Squid versiones anteriores a 2.6.STABLE7, permite a los servidores FTP remotos causar una denegaci\u00f3n de servicio (volcado del n\u00facleo) por medio de respuestas de enumeraci\u00f3n de directorio FTP, posiblemente relacionadas con las funciones (1) ftpListingFinish y (2) ftpHtmlifyListEntry."
}
],
"id": "CVE-2007-0247",
"lastModified": "2024-11-21T00:25:20.727",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-01-16T18:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/cms/node/2442"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/39839"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23767"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23805"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23810"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23837"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23889"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23921"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23946"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:026"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_12_squid.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22079"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1857"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.org/errata/2007/0003/"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-414-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0199"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31523"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/cms/node/2442"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/39839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23837"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23889"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23921"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23946"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_12_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1857"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2007/0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-414-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31523"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.\n\nThis issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.",
"lastModified": "2007-07-26T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-10-27 10:02
Modified
2024-11-21 00:01
Severity ?
Summary
Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.6.stable1 | |
| suse | suse_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "24D590FB-2759-475E-8136-1B15352605EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL)."
}
],
"id": "CVE-2005-3322",
"lastModified": "2024-11-21T00:01:37.323",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-10-27T10:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15165"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-03-26 05:00
Modified
2024-11-20 23:38
Severity ?
Summary
Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FE5187F-1587-43D4-801C-99C47F2AFC01",
"versionEndIncluding": "2.4_9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses."
},
{
"lang": "es",
"value": "Desbordamiento de buffer en Squid anterior a 2.4.9 permite a un atacante remoto producir una denegaci\u00f3n de servicio, y probablemente ejecutar c\u00f3digo arbitrario, mediante respuestas DNS comprimidas."
}
],
"id": "CVE-2002-0163",
"lastModified": "2024-11-20T23:38:27.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-03-26T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-017.1.txt"
},
{
"source": "cve@mitre.org",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:19.squid.asc"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101716495023226\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/8628.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-027.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/4363"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_2.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-017.1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:19.squid.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101716495023226\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/8628.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-027.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/4363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_2.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-03-08 05:00
Modified
2024-11-20 23:38
Severity ?
Summary
Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "169C4A52-3191-423A-97C9-0E86A8D8160E",
"versionEndIncluding": "2.4_stable_2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*",
"matchCriteriaId": "344610A8-DB6D-4407-9304-916C419F648C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:i386:*:*:*:*:*",
"matchCriteriaId": "B7EC2B95-4715-4EC9-A10A-2542501F8A61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*",
"matchCriteriaId": "64775BEF-2E53-43CA-8639-A7E54F6F4222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.0:*:alpha:*:*:*:*:*",
"matchCriteriaId": "FD6576E2-9F26-4857-9F28-F51899F1EF48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.0:*:i386:*:*:*:*:*",
"matchCriteriaId": "4DC9842D-E23B-4B9F-A7BF-57C3BA3DE398",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.1:*:alpha:*:*:*:*:*",
"matchCriteriaId": "7F3FAAB3-7A8A-42E5-9DCE-E4A843CED1B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.1:*:i386:*:*:*:*:*",
"matchCriteriaId": "C8783A6D-DFD8-45DD-BF03-570B1B012B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.1:*:ia64:*:*:*:*:*",
"matchCriteriaId": "ED36543D-C21B-4B4B-A6AD-6E19B08B5DD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.2:*:i386:*:*:*:*:*",
"matchCriteriaId": "6A1EF00A-52E9-4FD8-98FD-3998225D8655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.2:*:ia64:*:*:*:*:*",
"matchCriteriaId": "9D47D6FE-56A9-42CF-9A9B-AEE272C061F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when \"htcp_port 0\" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions."
},
{
"lang": "es",
"value": "Squid 2.4 STABLE2 y versiones anteriores no deshabilita adecuadamente HTCP, incluso cuando \"\"htcp_port 0\"\" es especificado en el fichero squid.conf, el cual podr\u00eda permitir a atacantes remotos saltarse las restricciones de acceso."
}
],
"id": "CVE-2002-0067",
"lastModified": "2024-11-20T23:38:13.583",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-03-08T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/8261.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5379"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/4150"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/8261.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/4150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-02-07 05:00
Modified
2024-11-20 23:54
Severity ?
Summary
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.5.6 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 | |
| squid | squid | 2.5.stable7 | |
| squid | squid | 2.5_.stable1 | |
| squid | squid | 2.5_.stable3 | |
| squid | squid | 2.5_.stable4 | |
| squid | squid | 2.5_.stable5 | |
| squid | squid | 2.5_.stable6 | |
| squid | squid | 2.5_stable3 | |
| squid | squid | 2.5_stable4 | |
| squid | squid | 2.5_stable9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF792263-D6ED-4AD1-98C1-0E22670EF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "62C66D46-D3C7-4FCC-B80D-EBA542E77C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B6C02F-D194-4CA7-9DEC-A436A4E8C99C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7D86CB-EEAD-4C40-855D-E98E4ED8B58F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F59C3E7-0AC0-4886-B4B4-56904AC93C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "5207FB50-946A-4AB2-AED9-9BA78B88F1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8096AB-99B9-4D08-AA13-6AFF0DD65BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "A356D04A-7882-4A14-AD5F-2079EA0E79C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4C4F43-0807-400C-890B-D13BF5B9BF72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack."
}
],
"id": "CVE-2005-0175",
"lastModified": "2024-11-20T23:54:33.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-02-07T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/625878"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/12433"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_5.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/625878"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_5.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11605"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3969B3-02F1-480A-8E72-CC50CD14B573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD64CE0-686A-44F2-B537-6D41E47A8BF5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator."
}
],
"id": "CVE-2005-1345",
"lastModified": "2024-11-20T23:57:08.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000948"
},
{
"source": "secalert@redhat.com",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2005/dsa-721"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_error"
},
{
"source": "secalert@redhat.com",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1255"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10513"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000948"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_error"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1255"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10513"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-03-21 18:19
Modified
2024-11-21 00:28
Severity ?
Summary
The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "24D590FB-2759-475E-8136-1B15352605EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "2988AF48-979A-4CBC-90D9-83B364719E1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "A212F82C-E64A-456F-BD37-58D6D10CF62A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "2B3A370A-815C-49F9-8BDF-C87C615D160A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "96EC5316-A83B-4EB5-BCF9-C3800D82F1DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD0D706-FDE4-43EB-9769-B2922BBDCDC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "8A8BCEDD-FB0A-4B5F-97FA-185CE6EE9A1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "F09C974D-7BCB-450C-B730-1E92719A0763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "551B1272-D426-40B4-94D5-1F7DD8897F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable10:*:*:*:*:*:*:*",
"matchCriteriaId": "A5EFC173-02B7-4F2A-A42F-5C14204737A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable11:*:*:*:*:*:*:*",
"matchCriteriaId": "A6667E4C-C1B6-416C-9862-6CF618692E15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error."
},
{
"lang": "es",
"value": "La funci\u00f3n clientProcessRequest() en el archivo src/client_side.c en Squid versiones 2.6 anteriores a 2.6.STABLE12, permite a atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo del demonio) por medio de peticiones TRACE creadas que desencadenan un error de aserci\u00f3n."
}
],
"id": "CVE-2007-1560",
"lastModified": "2024-11-21T00:28:37.463",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-03-21T18:19:00.000",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24611"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24614"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24625"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24662"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24911"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200703-27.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:068"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0131.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/23085"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1017805"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2007_1.txt"
},
{
"source": "secalert@redhat.com",
"url": "http://www.squid-cache.org/Versions/v2/2.6/changesets/11349.patch"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-441-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1035"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33124"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24611"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24662"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24911"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200703-27.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0131.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2007_1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Versions/v2/2.6/changesets/11349.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-441-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10291"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:53
Severity ?
Summary
The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor's bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "8029358E-A209-4570-8ECE-57920C88E72E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor\u0027s bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5."
}
],
"id": "CVE-2004-2654",
"lastModified": "2024-11-20T23:53:54.330",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12508"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12754"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1011214"
},
{
"source": "cve@mitre.org",
"url": "http://www.attrition.org/pipermail/vim/2006-February/000570.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/9801"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitylab.ru/47881.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=972"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1011214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.attrition.org/pipermail/vim/2006-February/000570.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/9801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitylab.ru/47881.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=972"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. This issue only affected 2.5 STABLE4 and 2.5 STABLE5 versions of Squid and does not affect the versions of Squid distributed with Red Hat Enterprise Linux.",
"lastModified": "2006-08-30T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-01-25 05:00
Modified
2024-11-20 23:54
Severity ?
Summary
Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.0_patch2 | |
| squid | squid | 2.1_patch2 | |
| squid | squid | 2.3_.stable4 | |
| squid | squid | 2.3_.stable5 | |
| squid | squid | 2.3_stable5 | |
| squid | squid | 2.4 | |
| squid | squid | 2.4_.stable2 | |
| squid | squid | 2.4_.stable6 | |
| squid | squid | 2.4_.stable7 | |
| squid | squid | 2.4_stable7 | |
| squid | squid | 2.5.6 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 | |
| squid | squid | 2.5.stable7 | |
| squid | squid | 2.5_.stable1 | |
| squid | squid | 2.5_.stable3 | |
| squid | squid | 2.5_.stable4 | |
| squid | squid | 2.5_.stable5 | |
| squid | squid | 2.5_.stable6 | |
| squid | squid | 2.5_stable3 | |
| squid | squid | 2.5_stable4 | |
| squid | squid | 2.5_stable9 | |
| squid | squid | 2.6.stable1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0AA7680-E004-44AC-9AE9-C0186459C4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "05A4829D-4DC1-4CD2-B136-48719A254EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6BFB6A-0AFC-4E52-AD48-252E741B683B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9797A37-FD26-4527-B2FA-E458F7A88D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC6CCDC-237A-408E-9CAF-D41EC3A9D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F697BB-5C94-42CD-AD9E-72C3D3675D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "CE764CDC-1018-4502-8F41-8A48E38E7AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CBAAC5B-6012-410F-B765-689A8D55B095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "885123F3-346F-451E-B72A-D0405F0B72E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF792263-D6ED-4AD1-98C1-0E22670EF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "62C66D46-D3C7-4FCC-B80D-EBA542E77C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B6C02F-D194-4CA7-9DEC-A436A4E8C99C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7D86CB-EEAD-4C40-855D-E98E4ED8B58F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F59C3E7-0AC0-4886-B4B4-56904AC93C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "5207FB50-946A-4AB2-AED9-9BA78B88F1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8096AB-99B9-4D08-AA13-6AFF0DD65BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "A356D04A-7882-4A14-AD5F-2079EA0E79C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4C4F43-0807-400C-890B-D13BF5B9BF72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "24D590FB-2759-475E-8136-1B15352605EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption)."
}
],
"id": "CVE-2005-0096",
"lastModified": "2024-11-20T23:54:24.457",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-25T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1012818"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/12324"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1012818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10233"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-09-30 18:05
Modified
2024-11-21 00:00
Severity ?
Summary
Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE077B6D-CB5E-445A-97F8-444D3D7FCAD5",
"versionEndIncluding": "2.5.stable10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2DD7F1E4-35E3-43A0-B4F8-68697D70908E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart)."
}
],
"id": "CVE-2005-2917",
"lastModified": "2024-11-21T00:00:43.043",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-09-30T18:05:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
},
{
"source": "secalert@redhat.com",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"source": "secalert@redhat.com",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16992"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17015"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17050"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17177"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/19161"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/19532"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1014920"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-828"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:181"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/19607"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0045.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0052.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/14977"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-192-1/"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24282"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11580"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014920"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-828"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/19607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0045.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0052.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/14977"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-192-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11580"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-01-15 05:00
Modified
2024-11-20 23:54
Severity ?
Summary
The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.0_patch2 | |
| squid | squid | 2.1_patch2 | |
| squid | squid | 2.3_.stable4 | |
| squid | squid | 2.3_.stable5 | |
| squid | squid | 2.3_stable5 | |
| squid | squid | 2.4 | |
| squid | squid | 2.4_.stable2 | |
| squid | squid | 2.4_.stable6 | |
| squid | squid | 2.4_.stable7 | |
| squid | squid | 2.4_stable7 | |
| squid | squid | 2.5.6 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 | |
| squid | squid | 2.5.stable7 | |
| squid | squid | 2.5_.stable1 | |
| squid | squid | 2.5_.stable3 | |
| squid | squid | 2.5_.stable4 | |
| squid | squid | 2.5_.stable5 | |
| squid | squid | 2.5_.stable6 | |
| squid | squid | 2.5_stable3 | |
| squid | squid | 2.5_stable4 | |
| squid | squid | 2.5_stable9 | |
| squid | squid | 2.6.stable1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0AA7680-E004-44AC-9AE9-C0186459C4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "05A4829D-4DC1-4CD2-B136-48719A254EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6BFB6A-0AFC-4E52-AD48-252E741B683B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9797A37-FD26-4527-B2FA-E458F7A88D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC6CCDC-237A-408E-9CAF-D41EC3A9D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F697BB-5C94-42CD-AD9E-72C3D3675D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "CE764CDC-1018-4502-8F41-8A48E38E7AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CBAAC5B-6012-410F-B765-689A8D55B095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "885123F3-346F-451E-B72A-D0405F0B72E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF792263-D6ED-4AD1-98C1-0E22670EF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "62C66D46-D3C7-4FCC-B80D-EBA542E77C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B6C02F-D194-4CA7-9DEC-A436A4E8C99C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7D86CB-EEAD-4C40-855D-E98E4ED8B58F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F59C3E7-0AC0-4886-B4B4-56904AC93C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "5207FB50-946A-4AB2-AED9-9BA78B88F1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8096AB-99B9-4D08-AA13-6AFF0DD65BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "A356D04A-7882-4A14-AD5F-2079EA0E79C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4C4F43-0807-400C-890B-D13BF5B9BF72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "24D590FB-2759-475E-8136-1B15352605EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid\u0027s home router and invalid WCCP_I_SEE_YOU cache numbers."
}
],
"id": "CVE-2005-0095",
"lastModified": "2024-11-20T23:54:24.293",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-15T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13825"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1012882"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-651"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:014"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/12886"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/12275"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_2.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_denial_of_service.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13825"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1012882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/12886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_2.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_denial_of_service.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10269"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-02-07 05:00
Modified
2024-11-20 23:54
Severity ?
Summary
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.5.6 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 | |
| squid | squid | 2.5.stable7 | |
| squid | squid | 2.5_.stable1 | |
| squid | squid | 2.5_.stable3 | |
| squid | squid | 2.5_.stable4 | |
| squid | squid | 2.5_.stable5 | |
| squid | squid | 2.5_.stable6 | |
| squid | squid | 2.5_stable3 | |
| squid | squid | 2.5_stable4 | |
| squid | squid | 2.5_stable9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF792263-D6ED-4AD1-98C1-0E22670EF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "62C66D46-D3C7-4FCC-B80D-EBA542E77C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B6C02F-D194-4CA7-9DEC-A436A4E8C99C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7D86CB-EEAD-4C40-855D-E98E4ED8B58F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F59C3E7-0AC0-4886-B4B4-56904AC93C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "5207FB50-946A-4AB2-AED9-9BA78B88F1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8096AB-99B9-4D08-AA13-6AFF0DD65BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "A356D04A-7882-4A14-AD5F-2079EA0E79C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4C4F43-0807-400C-890B-D13BF5B9BF72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters."
}
],
"id": "CVE-2005-0174",
"lastModified": "2024-11-20T23:54:33.683",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-02-07T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/768702"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/12412"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing"
},
{
"source": "cve@mitre.org",
"url": "http://www3.br.squid-cache.org/Advisories/SQUID-2005_4.txt"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/768702"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www3.br.squid-cache.org/Advisories/SQUID-2005_4.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10656"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:55
Severity ?
Summary
Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.0.patch1 | |
| squid | squid | 2.0.patch2 | |
| squid | squid | 2.0.pre1 | |
| squid | squid | 2.0.release | |
| squid | squid | 2.0_patch2 | |
| squid | squid | 2.1.patch1 | |
| squid | squid | 2.1.patch2 | |
| squid | squid | 2.1.pre1 | |
| squid | squid | 2.1.pre3 | |
| squid | squid | 2.1.pre4 | |
| squid | squid | 2.1.release | |
| squid | squid | 2.1_patch2 | |
| squid | squid | 2.2.devel3 | |
| squid | squid | 2.2.devel4 | |
| squid | squid | 2.2.pre1 | |
| squid | squid | 2.2.pre2 | |
| squid | squid | 2.2.stable1 | |
| squid | squid | 2.2.stable2 | |
| squid | squid | 2.2.stable3 | |
| squid | squid | 2.2.stable4 | |
| squid | squid | 2.2.stable5 | |
| squid | squid | 2.3.devel2 | |
| squid | squid | 2.3.devel3 | |
| squid | squid | 2.3.stable1 | |
| squid | squid | 2.3.stable2 | |
| squid | squid | 2.3.stable3 | |
| squid | squid | 2.3.stable4 | |
| squid | squid | 2.3.stable5 | |
| squid | squid | 2.3_.stable4 | |
| squid | squid | 2.3_.stable5 | |
| squid | squid | 2.3_stable5 | |
| squid | squid | 2.4 | |
| squid | squid | 2.4.stable1 | |
| squid | squid | 2.4.stable2 | |
| squid | squid | 2.4.stable3 | |
| squid | squid | 2.4.stable4 | |
| squid | squid | 2.4.stable6 | |
| squid | squid | 2.4.stable7 | |
| squid | squid | 2.4_.stable2 | |
| squid | squid | 2.4_.stable6 | |
| squid | squid | 2.4_.stable7 | |
| squid | squid | 2.4_stable7 | |
| squid | squid | 2.5.6 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 | |
| squid | squid | 2.5.stable7 | |
| squid | squid | 2.5.stable8 | |
| squid | squid | 2.5_.stable1 | |
| squid | squid | 2.5_.stable3 | |
| squid | squid | 2.5_.stable4 | |
| squid | squid | 2.5_.stable5 | |
| squid | squid | 2.5_.stable6 | |
| squid | squid | 2.5_stable3 | |
| squid | squid | 2.5_stable4 | |
| squid | squid | 2.5_stable9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B0771FC-F8FB-4065-B6E1-EA21ECE77AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B81A56D-3F2E-455B-A960-69728437B31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA7799D4-7B04-463B-BA19-AE36CD9DD694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.release:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8093EE-AA6A-4E2C-A891-163A42EA89EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0AA7680-E004-44AC-9AE9-C0186459C4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "3655286B-D44A-4DCB-8DF4-D45A36398933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAFDCE5E-6D74-4E13-B830-E412C33EF337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "E71F3AC2-E633-41D2-B49B-A92E5FB974F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "87284115-14F4-4FB6-A8D9-7C7A3B5151E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB618BD-9C6D-458D-A521-FE436C428A90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.release:*:*:*:*:*:*:*",
"matchCriteriaId": "C8717751-A250-49F6-97E9-C14C8A44E550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "05A4829D-4DC1-4CD2-B136-48719A254EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "D360F838-C65C-4E76-B460-ADE1AB7657C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel4:*:*:*:*:*:*:*",
"matchCriteriaId": "67618D3A-9C74-4701-B42F-385E0221D75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "C501D54D-5294-4BFD-9858-BE70C411B928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "19CB5358-7833-4D1E-8F22-CB2714E36F3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2265D309-4E50-45A3-A884-9F1FA361D453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "45663027-1EFD-415A-8AB3-BCE544F4AD9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "A38EAAEE-BAB5-42EC-B171-93D9E32AC6AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9E1D6A-2C46-4062-87B2-726FCC5967B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "38D24DCC-6C2A-466A-B59F-3D07F62175D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC7B751-34D9-4BBB-8608-97823E5F5F93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "DADF48B4-C9DA-41B7-9124-882ADF625F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "446879FE-02A7-4576-A726-6E7C918C4E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F495D6-7734-411D-B527-14C74A345E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5EFA76EB-C5A5-4652-8EF1-66E2B061BE3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB6D7E3-697C-4AA9-9925-371AB99CA395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2DD635-BB74-4311-9E62-0DFAEB8DC121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6BFB6A-0AFC-4E52-AD48-252E741B683B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9797A37-FD26-4527-B2FA-E458F7A88D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC6CCDC-237A-408E-9CAF-D41EC3A9D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E006EBC-5624-4AEE-85A8-10E33FCB20A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8DC1BE-EA6C-41B8-9D50-AACE2F2BA424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "155CB225-3F1B-4841-90F7-49C4CF90B1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "21905542-2429-4695-B253-AEC648B0BB9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "317FED1B-9C39-40E5-980D-C5ED808D8FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "48242DB9-5EB2-4C95-A944-C52B798A32A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F697BB-5C94-42CD-AD9E-72C3D3675D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "CE764CDC-1018-4502-8F41-8A48E38E7AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CBAAC5B-6012-410F-B765-689A8D55B095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "885123F3-346F-451E-B72A-D0405F0B72E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF792263-D6ED-4AD1-98C1-0E22670EF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3969B3-02F1-480A-8E72-CC50CD14B573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "62C66D46-D3C7-4FCC-B80D-EBA542E77C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B6C02F-D194-4CA7-9DEC-A436A4E8C99C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7D86CB-EEAD-4C40-855D-E98E4ED8B58F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F59C3E7-0AC0-4886-B4B4-56904AC93C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "5207FB50-946A-4AB2-AED9-9BA78B88F1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8096AB-99B9-4D08-AA13-6AFF0DD65BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "A356D04A-7882-4A14-AD5F-2079EA0E79C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4C4F43-0807-400C-890B-D13BF5B9BF72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure."
}
],
"id": "CVE-2005-0446",
"lastModified": "2024-11-20T23:55:08.657",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110901183320453\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14271"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-688"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:047"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-173.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2005-201.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/12551"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE8-dns_assert.patch"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19332"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110901183320453\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:047"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-173.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-201.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE8-dns_assert.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19332"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11264"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-01-15 05:00
Modified
2024-11-20 23:54
Severity ?
Summary
Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.0_patch2 | |
| squid | squid | 2.1_patch2 | |
| squid | squid | 2.3_.stable4 | |
| squid | squid | 2.3_.stable5 | |
| squid | squid | 2.3_stable5 | |
| squid | squid | 2.4 | |
| squid | squid | 2.4_.stable2 | |
| squid | squid | 2.4_.stable6 | |
| squid | squid | 2.4_.stable7 | |
| squid | squid | 2.4_stable7 | |
| squid | squid | 2.5.6 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 | |
| squid | squid | 2.5.stable7 | |
| squid | squid | 2.5_.stable1 | |
| squid | squid | 2.5_.stable3 | |
| squid | squid | 2.5_.stable4 | |
| squid | squid | 2.5_.stable5 | |
| squid | squid | 2.5_.stable6 | |
| squid | squid | 2.5_stable3 | |
| squid | squid | 2.5_stable4 | |
| squid | squid | 2.5_stable9 | |
| squid | squid | 2.6.stable1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0AA7680-E004-44AC-9AE9-C0186459C4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "05A4829D-4DC1-4CD2-B136-48719A254EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6BFB6A-0AFC-4E52-AD48-252E741B683B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9797A37-FD26-4527-B2FA-E458F7A88D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC6CCDC-237A-408E-9CAF-D41EC3A9D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F697BB-5C94-42CD-AD9E-72C3D3675D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "CE764CDC-1018-4502-8F41-8A48E38E7AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CBAAC5B-6012-410F-B765-689A8D55B095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "885123F3-346F-451E-B72A-D0405F0B72E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF792263-D6ED-4AD1-98C1-0E22670EF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "62C66D46-D3C7-4FCC-B80D-EBA542E77C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B6C02F-D194-4CA7-9DEC-A436A4E8C99C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7D86CB-EEAD-4C40-855D-E98E4ED8B58F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F59C3E7-0AC0-4886-B4B4-56904AC93C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "5207FB50-946A-4AB2-AED9-9BA78B88F1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8096AB-99B9-4D08-AA13-6AFF0DD65BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "A356D04A-7882-4A14-AD5F-2079EA0E79C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4C4F43-0807-400C-890B-D13BF5B9BF72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "24D590FB-2759-475E-8136-1B15352605EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses."
}
],
"id": "CVE-2005-0094",
"lastModified": "2024-11-20T23:54:24.123",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-15T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13825"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-651"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:014"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/12276"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_1.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-gopher_html_parsing.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13825"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-gopher_html_parsing.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11146"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-26 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74F11907-5BBD-450F-B338-34013E58E0D8",
"versionEndIncluding": "2.4.stable6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses."
}
],
"id": "CVE-2002-0714",
"lastModified": "2024-11-20T23:39:42.163",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-26T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000506"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/9479.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5924"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5158"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000506"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/9479.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5924"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-01-27 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openpkg | openpkg | 2.1 | |
| openpkg | openpkg | 2.2 | |
| openpkg | openpkg | current | |
| squid | squid | 2.0_patch2 | |
| squid | squid | 2.1_patch2 | |
| squid | squid | 2.3_.stable4 | |
| squid | squid | 2.3_.stable5 | |
| squid | squid | 2.4 | |
| squid | squid | 2.4_.stable2 | |
| squid | squid | 2.4_.stable6 | |
| squid | squid | 2.4_.stable7 | |
| squid | squid | 2.5_.stable1 | |
| squid | squid | 2.5_.stable3 | |
| squid | squid | 2.5_.stable4 | |
| squid | squid | 2.5_.stable5 | |
| squid | squid | 2.5_.stable6 | |
| squid | squid | 3.0_pre1 | |
| squid | squid | 3.0_pre2 | |
| squid | squid | 3.0_pre3 | |
| gentoo | linux | * | |
| redhat | fedora_core | core_2.0 | |
| trustix | secure_linux | 1.5 | |
| trustix | secure_linux | 2.0 | |
| trustix | secure_linux | 2.1 | |
| ubuntu | ubuntu_linux | 4.1 | |
| ubuntu | ubuntu_linux | 4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openpkg:openpkg:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37042CDE-E4FE-442E-891A-CD84433D36E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "11F6E348-01DF-4FA4-808E-39A2A7A2B97B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:current:*:*:*:*:*:*:*",
"matchCriteriaId": "D342447B-5233-45FD-B1CF-8D84921402AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0AA7680-E004-44AC-9AE9-C0186459C4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "05A4829D-4DC1-4CD2-B136-48719A254EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6BFB6A-0AFC-4E52-AD48-252E741B683B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9797A37-FD26-4527-B2FA-E458F7A88D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F697BB-5C94-42CD-AD9E-72C3D3675D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "CE764CDC-1018-4502-8F41-8A48E38E7AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CBAAC5B-6012-410F-B765-689A8D55B095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "62C66D46-D3C7-4FCC-B80D-EBA542E77C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B6C02F-D194-4CA7-9DEC-A436A4E8C99C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7D86CB-EEAD-4C40-855D-E98E4ED8B58F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F59C3E7-0AC0-4886-B4B4-56904AC93C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "5207FB50-946A-4AB2-AED9-9BA78B88F1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0_pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF89643B-169C-4ECD-B905-F4FE7F37030D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0_pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "631B754D-1EB0-4A64-819A-5A24E7D0ADFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0_pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "95AB69CF-AD54-4D30-A9C5-4253855A760F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6996B14-925B-46B8-982F-3545328B506B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "39605B96-BAD6-45C9-BB9A-43D6E2C51ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53AF1A2D-B0A2-4097-AD1D-DF3AF27171BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A67735E5-E43E-4164-BDB2-ADC6E0288E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*",
"matchCriteriaId": "6E94583A-5184-462E-9FC4-57B35DA06DA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*",
"matchCriteriaId": "E905FAAD-37B6-4DD0-A752-2974F8336273",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error."
}
],
"id": "CVE-2004-0918",
"lastModified": "2024-11-20T23:49:40.737",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-27T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109913064629327\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30914"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30967"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-15.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.idefense.com/application/poi/display?id=152\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-591.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11385"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/Advisories/SQUID-2004_3.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/Advisories/SQUID-2008_1.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/1969/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17688"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10931"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00122.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109913064629327\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30914"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30967"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-15.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.idefense.com/application/poi/display?id=152\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-591.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11385"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Advisories/SQUID-2004_3.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Advisories/SQUID-2008_1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/1969/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00122.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-09-07 18:03
Modified
2024-11-21 00:00
Severity ?
Summary
store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.0.patch1 | |
| squid | squid | 2.0.patch2 | |
| squid | squid | 2.0.pre1 | |
| squid | squid | 2.0.release | |
| squid | squid | 2.1.patch1 | |
| squid | squid | 2.1.patch2 | |
| squid | squid | 2.1.pre1 | |
| squid | squid | 2.1.pre3 | |
| squid | squid | 2.1.pre4 | |
| squid | squid | 2.1.release | |
| squid | squid | 2.2.devel3 | |
| squid | squid | 2.2.devel4 | |
| squid | squid | 2.2.pre1 | |
| squid | squid | 2.2.pre2 | |
| squid | squid | 2.2.stable1 | |
| squid | squid | 2.2.stable2 | |
| squid | squid | 2.2.stable3 | |
| squid | squid | 2.2.stable4 | |
| squid | squid | 2.2.stable5 | |
| squid | squid | 2.3.devel2 | |
| squid | squid | 2.3.devel3 | |
| squid | squid | 2.3.stable1 | |
| squid | squid | 2.3.stable2 | |
| squid | squid | 2.3.stable3 | |
| squid | squid | 2.3.stable4 | |
| squid | squid | 2.3.stable5 | |
| squid | squid | 2.4.stable1 | |
| squid | squid | 2.4.stable2 | |
| squid | squid | 2.4.stable3 | |
| squid | squid | 2.4.stable4 | |
| squid | squid | 2.4.stable6 | |
| squid | squid | 2.4.stable7 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 | |
| squid | squid | 2.5.stable7 | |
| squid | squid | 2.5.stable8 | |
| squid | squid | 2.5.stable9 | |
| squid | squid | 2.5.stable10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B0771FC-F8FB-4065-B6E1-EA21ECE77AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B81A56D-3F2E-455B-A960-69728437B31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA7799D4-7B04-463B-BA19-AE36CD9DD694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.release:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8093EE-AA6A-4E2C-A891-163A42EA89EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "3655286B-D44A-4DCB-8DF4-D45A36398933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAFDCE5E-6D74-4E13-B830-E412C33EF337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "E71F3AC2-E633-41D2-B49B-A92E5FB974F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "87284115-14F4-4FB6-A8D9-7C7A3B5151E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB618BD-9C6D-458D-A521-FE436C428A90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.release:*:*:*:*:*:*:*",
"matchCriteriaId": "C8717751-A250-49F6-97E9-C14C8A44E550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "D360F838-C65C-4E76-B460-ADE1AB7657C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel4:*:*:*:*:*:*:*",
"matchCriteriaId": "67618D3A-9C74-4701-B42F-385E0221D75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "C501D54D-5294-4BFD-9858-BE70C411B928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "19CB5358-7833-4D1E-8F22-CB2714E36F3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2265D309-4E50-45A3-A884-9F1FA361D453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "45663027-1EFD-415A-8AB3-BCE544F4AD9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "A38EAAEE-BAB5-42EC-B171-93D9E32AC6AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9E1D6A-2C46-4062-87B2-726FCC5967B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "38D24DCC-6C2A-466A-B59F-3D07F62175D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC7B751-34D9-4BBB-8608-97823E5F5F93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "DADF48B4-C9DA-41B7-9124-882ADF625F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "446879FE-02A7-4576-A726-6E7C918C4E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F495D6-7734-411D-B527-14C74A345E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5EFA76EB-C5A5-4652-8EF1-66E2B061BE3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB6D7E3-697C-4AA9-9925-371AB99CA395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2DD635-BB74-4311-9E62-0DFAEB8DC121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E006EBC-5624-4AEE-85A8-10E33FCB20A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8DC1BE-EA6C-41B8-9D50-AACE2F2BA424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "155CB225-3F1B-4841-90F7-49C4CF90B1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "21905542-2429-4695-B253-AEC648B0BB9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "317FED1B-9C39-40E5-980D-C5ED808D8FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "48242DB9-5EB2-4C95-A944-C52B798A32A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3969B3-02F1-480A-8E72-CC50CD14B573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD64CE0-686A-44F2-B537-6D41E47A8BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable10:*:*:*:*:*:*:*",
"matchCriteriaId": "4233D036-BBD8-48AA-AD1C-403AF262B192",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING."
}
],
"id": "CVE-2005-2794",
"lastModified": "2024-11-21T00:00:27.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-09-07T18:03:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/16977"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17027"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2005/dsa-809"
},
{
"source": "secalert@redhat.com",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-06.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:162"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2005_21_sr.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2005_53_squid.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2005-766.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/14761"
},
{
"source": "secalert@redhat.com",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16977"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-809"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_21_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_53_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-766.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/14761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10276"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-26 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74F11907-5BBD-450F-B338-34013E58E0D8",
"versionEndIncluding": "2.4.stable6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated."
}
],
"id": "CVE-2002-0713",
"lastModified": "2024-11-20T23:39:42.017",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-26T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/9480.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/9481.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/9482.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5155"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5156"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5157"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/9480.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/9481.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/9482.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5156"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity ?
Summary
squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.0.patch1 | |
| squid | squid | 2.0.patch2 | |
| squid | squid | 2.0.pre1 | |
| squid | squid | 2.0.release | |
| squid | squid | 2.1.patch1 | |
| squid | squid | 2.1.patch2 | |
| squid | squid | 2.1.pre1 | |
| squid | squid | 2.1.pre3 | |
| squid | squid | 2.1.pre4 | |
| squid | squid | 2.1.release | |
| squid | squid | 2.2.devel3 | |
| squid | squid | 2.2.devel4 | |
| squid | squid | 2.2.pre1 | |
| squid | squid | 2.2.pre2 | |
| squid | squid | 2.2.stable1 | |
| squid | squid | 2.2.stable2 | |
| squid | squid | 2.2.stable3 | |
| squid | squid | 2.2.stable4 | |
| squid | squid | 2.2.stable5 | |
| squid | squid | 2.3.devel2 | |
| squid | squid | 2.3.devel3 | |
| squid | squid | 2.3.stable1 | |
| squid | squid | 2.3.stable2 | |
| squid | squid | 2.3.stable3 | |
| squid | squid | 2.3.stable4 | |
| squid | squid | 2.3.stable5 | |
| squid | squid | 2.4.stable1 | |
| squid | squid | 2.4.stable2 | |
| squid | squid | 2.4.stable3 | |
| squid | squid | 2.4.stable4 | |
| squid | squid | 2.4.stable6 | |
| squid | squid | 2.4.stable7 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B0771FC-F8FB-4065-B6E1-EA21ECE77AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B81A56D-3F2E-455B-A960-69728437B31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA7799D4-7B04-463B-BA19-AE36CD9DD694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.release:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8093EE-AA6A-4E2C-A891-163A42EA89EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "3655286B-D44A-4DCB-8DF4-D45A36398933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAFDCE5E-6D74-4E13-B830-E412C33EF337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "E71F3AC2-E633-41D2-B49B-A92E5FB974F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "87284115-14F4-4FB6-A8D9-7C7A3B5151E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB618BD-9C6D-458D-A521-FE436C428A90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.release:*:*:*:*:*:*:*",
"matchCriteriaId": "C8717751-A250-49F6-97E9-C14C8A44E550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "D360F838-C65C-4E76-B460-ADE1AB7657C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel4:*:*:*:*:*:*:*",
"matchCriteriaId": "67618D3A-9C74-4701-B42F-385E0221D75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "C501D54D-5294-4BFD-9858-BE70C411B928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "19CB5358-7833-4D1E-8F22-CB2714E36F3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2265D309-4E50-45A3-A884-9F1FA361D453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "45663027-1EFD-415A-8AB3-BCE544F4AD9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "A38EAAEE-BAB5-42EC-B171-93D9E32AC6AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9E1D6A-2C46-4062-87B2-726FCC5967B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "38D24DCC-6C2A-466A-B59F-3D07F62175D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC7B751-34D9-4BBB-8608-97823E5F5F93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "DADF48B4-C9DA-41B7-9124-882ADF625F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "446879FE-02A7-4576-A726-6E7C918C4E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F495D6-7734-411D-B527-14C74A345E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5EFA76EB-C5A5-4652-8EF1-66E2B061BE3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB6D7E3-697C-4AA9-9925-371AB99CA395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2DD635-BB74-4311-9E62-0DFAEB8DC121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E006EBC-5624-4AEE-85A8-10E33FCB20A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8DC1BE-EA6C-41B8-9D50-AACE2F2BA424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "155CB225-3F1B-4841-90F7-49C4CF90B1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "21905542-2429-4695-B253-AEC648B0BB9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "317FED1B-9C39-40E5-980D-C5ED808D8FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "48242DB9-5EB2-4C95-A944-C52B798A32A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server."
}
],
"id": "CVE-2005-0173",
"lastModified": "2024-11-20T23:54:33.517",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/924198"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/12431"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1187"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/924198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12431"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10251"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-09-07 18:03
Modified
2024-11-21 00:00
Severity ?
Summary
The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.0.patch1 | |
| squid | squid | 2.0.patch2 | |
| squid | squid | 2.0.pre1 | |
| squid | squid | 2.0.release | |
| squid | squid | 2.0_patch2 | |
| squid | squid | 2.1.patch1 | |
| squid | squid | 2.1.patch2 | |
| squid | squid | 2.1.pre1 | |
| squid | squid | 2.1.pre3 | |
| squid | squid | 2.1.pre4 | |
| squid | squid | 2.1.release | |
| squid | squid | 2.1_patch2 | |
| squid | squid | 2.2.devel3 | |
| squid | squid | 2.2.devel4 | |
| squid | squid | 2.2.pre1 | |
| squid | squid | 2.2.pre2 | |
| squid | squid | 2.2.stable1 | |
| squid | squid | 2.2.stable2 | |
| squid | squid | 2.2.stable3 | |
| squid | squid | 2.2.stable4 | |
| squid | squid | 2.2.stable5 | |
| squid | squid | 2.3.devel2 | |
| squid | squid | 2.3.devel3 | |
| squid | squid | 2.3.stable1 | |
| squid | squid | 2.3.stable2 | |
| squid | squid | 2.3.stable3 | |
| squid | squid | 2.3.stable4 | |
| squid | squid | 2.3.stable5 | |
| squid | squid | 2.3_.stable4 | |
| squid | squid | 2.3_.stable5 | |
| squid | squid | 2.3_stable5 | |
| squid | squid | 2.4 | |
| squid | squid | 2.4.stable1 | |
| squid | squid | 2.4.stable2 | |
| squid | squid | 2.4.stable3 | |
| squid | squid | 2.4.stable4 | |
| squid | squid | 2.4.stable6 | |
| squid | squid | 2.4.stable7 | |
| squid | squid | 2.4_.stable2 | |
| squid | squid | 2.4_.stable6 | |
| squid | squid | 2.4_.stable7 | |
| squid | squid | 2.4_stable7 | |
| squid | squid | 2.5.6 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 | |
| squid | squid | 2.5.stable7 | |
| squid | squid | 2.5.stable8 | |
| squid | squid | 2.5.stable9 | |
| squid | squid | 2.5.stable10 | |
| squid | squid | 2.5_.stable1 | |
| squid | squid | 2.5_.stable3 | |
| squid | squid | 2.5_.stable4 | |
| squid | squid | 2.5_.stable5 | |
| squid | squid | 2.5_.stable6 | |
| squid | squid | 2.5_stable3 | |
| squid | squid | 2.5_stable4 | |
| squid | squid | 2.5_stable9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B0771FC-F8FB-4065-B6E1-EA21ECE77AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B81A56D-3F2E-455B-A960-69728437B31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA7799D4-7B04-463B-BA19-AE36CD9DD694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.release:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8093EE-AA6A-4E2C-A891-163A42EA89EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0AA7680-E004-44AC-9AE9-C0186459C4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "3655286B-D44A-4DCB-8DF4-D45A36398933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAFDCE5E-6D74-4E13-B830-E412C33EF337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "E71F3AC2-E633-41D2-B49B-A92E5FB974F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "87284115-14F4-4FB6-A8D9-7C7A3B5151E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB618BD-9C6D-458D-A521-FE436C428A90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.release:*:*:*:*:*:*:*",
"matchCriteriaId": "C8717751-A250-49F6-97E9-C14C8A44E550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "05A4829D-4DC1-4CD2-B136-48719A254EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "D360F838-C65C-4E76-B460-ADE1AB7657C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel4:*:*:*:*:*:*:*",
"matchCriteriaId": "67618D3A-9C74-4701-B42F-385E0221D75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "C501D54D-5294-4BFD-9858-BE70C411B928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "19CB5358-7833-4D1E-8F22-CB2714E36F3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2265D309-4E50-45A3-A884-9F1FA361D453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "45663027-1EFD-415A-8AB3-BCE544F4AD9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "A38EAAEE-BAB5-42EC-B171-93D9E32AC6AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9E1D6A-2C46-4062-87B2-726FCC5967B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "38D24DCC-6C2A-466A-B59F-3D07F62175D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC7B751-34D9-4BBB-8608-97823E5F5F93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "DADF48B4-C9DA-41B7-9124-882ADF625F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "446879FE-02A7-4576-A726-6E7C918C4E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F495D6-7734-411D-B527-14C74A345E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5EFA76EB-C5A5-4652-8EF1-66E2B061BE3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB6D7E3-697C-4AA9-9925-371AB99CA395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2DD635-BB74-4311-9E62-0DFAEB8DC121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6BFB6A-0AFC-4E52-AD48-252E741B683B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9797A37-FD26-4527-B2FA-E458F7A88D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC6CCDC-237A-408E-9CAF-D41EC3A9D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E006EBC-5624-4AEE-85A8-10E33FCB20A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8DC1BE-EA6C-41B8-9D50-AACE2F2BA424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "155CB225-3F1B-4841-90F7-49C4CF90B1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "21905542-2429-4695-B253-AEC648B0BB9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "317FED1B-9C39-40E5-980D-C5ED808D8FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "48242DB9-5EB2-4C95-A944-C52B798A32A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F697BB-5C94-42CD-AD9E-72C3D3675D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "CE764CDC-1018-4502-8F41-8A48E38E7AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CBAAC5B-6012-410F-B765-689A8D55B095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "885123F3-346F-451E-B72A-D0405F0B72E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF792263-D6ED-4AD1-98C1-0E22670EF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3969B3-02F1-480A-8E72-CC50CD14B573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD64CE0-686A-44F2-B537-6D41E47A8BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable10:*:*:*:*:*:*:*",
"matchCriteriaId": "4233D036-BBD8-48AA-AD1C-403AF262B192",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "62C66D46-D3C7-4FCC-B80D-EBA542E77C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B6C02F-D194-4CA7-9DEC-A436A4E8C99C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7D86CB-EEAD-4C40-855D-E98E4ED8B58F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F59C3E7-0AC0-4886-B4B4-56904AC93C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "5207FB50-946A-4AB2-AED9-9BA78B88F1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8096AB-99B9-4D08-AA13-6AFF0DD65BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "A356D04A-7882-4A14-AD5F-2079EA0E79C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4C4F43-0807-400C-890B-D13BF5B9BF72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests."
}
],
"id": "CVE-2005-2796",
"lastModified": "2024-11-21T00:00:27.223",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-09-07T18:03:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/16977"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17027"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1014846"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2005/dsa-809"
},
{
"source": "secalert@redhat.com",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-06.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:162"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2005_21_sr.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2005_53_squid.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2005-766.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/14731"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16977"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1014846"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-809"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_21_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_53_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-766.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/14731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10522"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-26 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74F11907-5BBD-450F-B338-34013E58E0D8",
"versionEndIncluding": "2.4.stable6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user\u0027s proxy login and password."
}
],
"id": "CVE-2002-0715",
"lastModified": "2024-11-20T23:39:42.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-26T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/9478.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5154"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/9478.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-03-08 05:00
Modified
2024-11-20 23:38
Severity ?
Summary
Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5F50EF3-9CC0-4E49-8B37-E39A3228CB82",
"versionEndIncluding": "2.4_stable_3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*",
"matchCriteriaId": "344610A8-DB6D-4407-9304-916C419F648C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:i386:*:*:*:*:*",
"matchCriteriaId": "B7EC2B95-4715-4EC9-A10A-2542501F8A61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*",
"matchCriteriaId": "64775BEF-2E53-43CA-8639-A7E54F6F4222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.0:*:alpha:*:*:*:*:*",
"matchCriteriaId": "FD6576E2-9F26-4857-9F28-F51899F1EF48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.0:*:i386:*:*:*:*:*",
"matchCriteriaId": "4DC9842D-E23B-4B9F-A7BF-57C3BA3DE398",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.1:*:alpha:*:*:*:*:*",
"matchCriteriaId": "7F3FAAB3-7A8A-42E5-9DCE-E4A843CED1B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.1:*:i386:*:*:*:*:*",
"matchCriteriaId": "C8783A6D-DFD8-45DD-BF03-570B1B012B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.1:*:ia64:*:*:*:*:*",
"matchCriteriaId": "ED36543D-C21B-4B4B-A6AD-6E19B08B5DD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.2:*:i386:*:*:*:*:*",
"matchCriteriaId": "6A1EF00A-52E9-4FD8-98FD-3998225D8655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.2:*:ia64:*:*:*:*:*",
"matchCriteriaId": "9D47D6FE-56A9-42CF-9A9B-AEE272C061F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters."
},
{
"lang": "es",
"value": "Squid 2.4 STABLE3 y versiones anteriores permite a atacantes remotos causar la denegaci\u00f3n de servicios por volcado del n\u00facleo (core dump) y ejecutar c\u00f3digo arbitrario mediante una direcci\u00f3n URL ftp:// mal construida."
}
],
"id": "CVE-2002-0068",
"lastModified": "2024-11-20T23:38:13.750",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-03-08T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101440163111826\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.caldera.com/support/security/advisories/CSSA-2002-010.0.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/8258.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2002_008_squid_txt.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5378"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/4148"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101440163111826\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.caldera.com/support/security/advisories/CSSA-2002-010.0.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/8258.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2002_008_squid_txt.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5378"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/4148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-08 22:30
Modified
2024-11-21 00:59
Severity ?
Summary
Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.7.stable1 | |
| squid | squid | 2.7.stable2 | |
| squid | squid | 2.7.stable3 | |
| squid | squid | 2.7.stable4 | |
| squid | squid | 2.7.stable5 | |
| squid | squid | 3.0.stable1 | |
| squid | squid | 3.0.stable2 | |
| squid | squid | 3.0.stable3 | |
| squid | squid | 3.0.stable4 | |
| squid | squid | 3.0.stable5 | |
| squid | squid | 3.0.stable6 | |
| squid | squid | 3.0.stable7 | |
| squid | squid | 3.0.stable8 | |
| squid | squid | 3.0.stable9 | |
| squid | squid | 3.0.stable10 | |
| squid | squid | 3.0.stable11 | |
| squid | squid | 3.0.stable12 | |
| squid | squid | 3.1 | |
| squid | squid | 3.1.0.1 | |
| squid | squid | 3.1.0.2 | |
| squid | squid | 3.1.0.3 | |
| squid | squid | 3.1.0.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.7.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "1CDD4129-3F89-4833-8789-4568CAE3B646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.7.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "FFF2ED3A-B88A-49EE-9565-56C726447882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.7.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "42579A3F-EDD8-44F7-9436-1B386FDC604E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.7.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "C689CFA4-A9F3-4B8B-80CB-F948E8C32C0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.7.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "E503C019-4E96-4D4F-B9BD-327E3C22DE52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D53774A-4523-4C9F-8FDF-BF39C4F32C0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "CBA0CA70-79A0-4AC6-ADE3-99DCE8FB09BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "E4048B18-219C-4D23-979B-C32A4F84E088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "4CBD6F80-63F1-4B6D-BBCD-240D8A18C429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "60A83314-4628-4352-BE10-89ED4B228E34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "81FD6F1C-ECE2-4ADA-8230-49500AE0AB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7A5792-DAD0-4E84-90EB-E92873DB763C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "7F2786AA-F9B6-4825-9C2E-9548D6D2A3F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB49168-03B3-43D5-9076-6FE206EF42A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable10:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CF222F-1A8E-4351-BBD4-5BC39B5BF2FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable11:*:*:*:*:*:*:*",
"matchCriteriaId": "38092277-47D4-4B83-BF32-DE595CDE7B2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable12:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ED346B-D762-481D-92FA-260C2C5A915A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73060F28-ABCE-4428-8F12-772E4D312DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A006818-7901-4391-BFF7-9AD1AF8DAFCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4BF28EA4-2847-4176-81C1-C7A2007D14E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAD9B4B-0856-458B-AB21-15D0420A7F67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "54E9F64C-363B-4702-996F-14F66450D6B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c."
},
{
"lang": "es",
"value": "Squid versiones 2.7 hasta 2.7.STABLE5, versiones 3.0 hasta 3.0.STABLE12 y versiones 3.1 hasta 3.1.0.4, permiten a los atacantes remotos causar una denegaci\u00f3n de servicio por medio de una petici\u00f3n HTTP con un n\u00famero de versi\u00f3n no v\u00e1lido, lo que desencadena una aserci\u00f3n accesible en los archivos (1) HttpMsg.c y (2) HttpStatusLine.c."
}
],
"id": "CVE-2009-0478",
"lastModified": "2024-11-21T00:59:59.783",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-02-08T22:30:00.360",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33731"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34467"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200903-38.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:034"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/500653/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/33604"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021684"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2009_1.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=484246"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/8021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200903-38.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/500653/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/33604"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021684"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2009_1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=484246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/8021"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. This issue did not affect the version of Squid as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.",
"lastModified": "2009-02-09T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity ?
Summary
Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.0.patch1 | |
| squid | squid | 2.0.patch2 | |
| squid | squid | 2.0.pre1 | |
| squid | squid | 2.0.release | |
| squid | squid | 2.1.patch1 | |
| squid | squid | 2.1.patch2 | |
| squid | squid | 2.1.pre1 | |
| squid | squid | 2.1.pre3 | |
| squid | squid | 2.1.pre4 | |
| squid | squid | 2.1.release | |
| squid | squid | 2.2.devel3 | |
| squid | squid | 2.2.devel4 | |
| squid | squid | 2.2.pre1 | |
| squid | squid | 2.2.pre2 | |
| squid | squid | 2.2.stable1 | |
| squid | squid | 2.2.stable2 | |
| squid | squid | 2.2.stable3 | |
| squid | squid | 2.2.stable4 | |
| squid | squid | 2.2.stable5 | |
| squid | squid | 2.3.devel2 | |
| squid | squid | 2.3.devel3 | |
| squid | squid | 2.3.stable1 | |
| squid | squid | 2.3.stable2 | |
| squid | squid | 2.3.stable3 | |
| squid | squid | 2.3.stable4 | |
| squid | squid | 2.3.stable5 | |
| squid | squid | 2.4.stable1 | |
| squid | squid | 2.4.stable2 | |
| squid | squid | 2.4.stable3 | |
| squid | squid | 2.4.stable4 | |
| squid | squid | 2.4.stable6 | |
| squid | squid | 2.4.stable7 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B0771FC-F8FB-4065-B6E1-EA21ECE77AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B81A56D-3F2E-455B-A960-69728437B31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA7799D4-7B04-463B-BA19-AE36CD9DD694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.release:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8093EE-AA6A-4E2C-A891-163A42EA89EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "3655286B-D44A-4DCB-8DF4-D45A36398933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAFDCE5E-6D74-4E13-B830-E412C33EF337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "E71F3AC2-E633-41D2-B49B-A92E5FB974F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "87284115-14F4-4FB6-A8D9-7C7A3B5151E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB618BD-9C6D-458D-A521-FE436C428A90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.release:*:*:*:*:*:*:*",
"matchCriteriaId": "C8717751-A250-49F6-97E9-C14C8A44E550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "D360F838-C65C-4E76-B460-ADE1AB7657C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel4:*:*:*:*:*:*:*",
"matchCriteriaId": "67618D3A-9C74-4701-B42F-385E0221D75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "C501D54D-5294-4BFD-9858-BE70C411B928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "19CB5358-7833-4D1E-8F22-CB2714E36F3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2265D309-4E50-45A3-A884-9F1FA361D453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "45663027-1EFD-415A-8AB3-BCE544F4AD9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "A38EAAEE-BAB5-42EC-B171-93D9E32AC6AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9E1D6A-2C46-4062-87B2-726FCC5967B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "38D24DCC-6C2A-466A-B59F-3D07F62175D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC7B751-34D9-4BBB-8608-97823E5F5F93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "DADF48B4-C9DA-41B7-9124-882ADF625F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "446879FE-02A7-4576-A726-6E7C918C4E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F495D6-7734-411D-B527-14C74A345E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5EFA76EB-C5A5-4652-8EF1-66E2B061BE3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB6D7E3-697C-4AA9-9925-371AB99CA395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2DD635-BB74-4311-9E62-0DFAEB8DC121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E006EBC-5624-4AEE-85A8-10E33FCB20A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8DC1BE-EA6C-41B8-9D50-AACE2F2BA424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "155CB225-3F1B-4841-90F7-49C4CF90B1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "21905542-2429-4695-B253-AEC648B0BB9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "317FED1B-9C39-40E5-980D-C5ED808D8FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "48242DB9-5EB2-4C95-A944-C52B798A32A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings."
}
],
"id": "CVE-2005-0194",
"lastModified": "2024-11-20T23:54:36.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110901183320453\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/260421"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110901183320453\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/260421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1166"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-04-01 17:44
Modified
2024-11-21 00:44
Severity ?
Summary
The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable17:*:*:*:*:*:*:*",
"matchCriteriaId": "C8585F22-39CB-46E1-B247-377C5C60AB47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239."
},
{
"lang": "es",
"value": "La funci\u00f3n arrayShrink (lib/Array.c) en Squid 2.6.STABLE17 permite a atacantes provocar una denegaci\u00f3n de servicio (terminaci\u00f3n del proceso) a trav\u00e9s de vectores desconocidos que provocan que un array se inicialice a 0 entradas, lo cual dispara un error de confirmaci\u00f3n. NOTA: este problema se debe a un parche incompleto para CVE-2007-6239."
}
],
"id": "CVE-2008-1612",
"lastModified": "2024-11-21T00:44:55.503",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-04-01T17:44:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=squid-announce\u0026m=120614453813157\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/27477"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/29813"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/30032"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/32109"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/34467"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200903-38.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2008/dsa-1646"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:134"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2008/04/01/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0214.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/28693"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2007_2.txt"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-601-1"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41586"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11376"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00560.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=squid-announce\u0026m=120614453813157\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27477"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29813"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200903-38.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1646"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:134"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/04/01/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0214.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28693"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2007_2.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-601-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11376"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00560.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-03-08 05:00
Modified
2024-11-20 23:38
Severity ?
Summary
Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "169C4A52-3191-423A-97C9-0E86A8D8160E",
"versionEndIncluding": "2.4_stable_2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*",
"matchCriteriaId": "344610A8-DB6D-4407-9304-916C419F648C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:i386:*:*:*:*:*",
"matchCriteriaId": "B7EC2B95-4715-4EC9-A10A-2542501F8A61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*",
"matchCriteriaId": "64775BEF-2E53-43CA-8639-A7E54F6F4222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.0:*:alpha:*:*:*:*:*",
"matchCriteriaId": "FD6576E2-9F26-4857-9F28-F51899F1EF48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.0:*:i386:*:*:*:*:*",
"matchCriteriaId": "4DC9842D-E23B-4B9F-A7BF-57C3BA3DE398",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.1:*:alpha:*:*:*:*:*",
"matchCriteriaId": "7F3FAAB3-7A8A-42E5-9DCE-E4A843CED1B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.1:*:i386:*:*:*:*:*",
"matchCriteriaId": "C8783A6D-DFD8-45DD-BF03-570B1B012B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.1:*:ia64:*:*:*:*:*",
"matchCriteriaId": "ED36543D-C21B-4B4B-A6AD-6E19B08B5DD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.2:*:i386:*:*:*:*:*",
"matchCriteriaId": "6A1EF00A-52E9-4FD8-98FD-3998225D8655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.2:*:ia64:*:*:*:*:*",
"matchCriteriaId": "9D47D6FE-56A9-42CF-9A9B-AEE272C061F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service."
},
{
"lang": "es",
"value": "Error de memoria en SNMP de Squid STABLE2 y versiones anteriores permite a un atacante remoto provocar una denegaci\u00f3n del servicio."
}
],
"id": "CVE-2002-0069",
"lastModified": "2024-11-20T23:38:13.910",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-03-08T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/8260.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/4146"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/8260.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/4146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity ?
Summary
The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling \"oversized\" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size."
}
],
"id": "CVE-2005-0241",
"lastModified": "2024-11-20T23:54:42.483",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "security@debian.org",
"tags": [
"Patch"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"source": "security@debian.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/14091"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/823350"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "security@debian.org",
"url": "http://www.securityfocus.com/bid/12412"
},
{
"source": "security@debian.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers"
},
{
"source": "security@debian.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch"
},
{
"source": "security@debian.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1216"
},
{
"source": "security@debian.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19060"
},
{
"source": "security@debian.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/14091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/823350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10998"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2005-3322
Vulnerability from cvelistv5
Published
2005-10-27 04:00
Modified
2024-08-07 23:10
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.novell.com/linux/security/advisories/2005_28_sr.html | vendor-advisory, x_refsource_SUSE | |
| http://www.novell.com/linux/security/advisories/2005_24_sr.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securityfocus.com/bid/15165 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2005:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"name": "SUSE-SR:2005:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
},
{
"name": "15165",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15165"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-12-05T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SR:2005:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"name": "SUSE-SR:2005:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
},
{
"name": "15165",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15165"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2005:028",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"name": "SUSE-SR:2005:024",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
},
{
"name": "15165",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15165"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3322",
"datePublished": "2005-10-27T04:00:00",
"dateReserved": "2005-10-27T00:00:00",
"dateUpdated": "2024-08-07T23:10:08.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1519
Vulnerability from cvelistv5
Published
2005-05-11 04:00
Modified
2024-08-07 21:51
Severity ?
EPSS score ?
Summary
Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/13592 | vdb-entry, x_refsource_BID | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9976 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html | vendor-advisory, x_refsource_FEDORA | |
| http://secunia.com/advisories/15294 | third-party-advisory, x_refsource_SECUNIA | |
| http://fedoranews.org/updates/FEDORA--.shtml | vendor-advisory, x_refsource_FEDORA | |
| http://www.debian.org/security/2005/dsa-751 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.redhat.com/support/errata/RHSA-2005-489.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.vupen.com/english/advisories/2005/0521 | vdb-entry, x_refsource_VUPEN | |
| http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:50.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "13592",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13592"
},
{
"name": "oval:org.mitre.oval:def:9976",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9976"
},
{
"name": "FEDORA-2005-373",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"name": "15294",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15294"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "DSA-751",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-751"
},
{
"name": "RHSA-2005:489",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-489.html"
},
{
"name": "ADV-2005-0521",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/0521"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "13592",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13592"
},
{
"name": "oval:org.mitre.oval:def:9976",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9976"
},
{
"name": "FEDORA-2005-373",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"name": "15294",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15294"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "DSA-751",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-751"
},
{
"name": "RHSA-2005:489",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-489.html"
},
{
"name": "ADV-2005-0521",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/0521"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-1519",
"datePublished": "2005-05-11T04:00:00",
"dateReserved": "2005-05-11T00:00:00",
"dateUpdated": "2024-08-07T21:51:50.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0163
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:42
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2002-051.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-027.php | vendor-advisory, x_refsource_MANDRAKE | |
| ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-017.1.txt | vendor-advisory, x_refsource_CALDERA | |
| http://marc.info/?l=bugtraq&m=101716495023226&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.iss.net/security_center/static/8628.php | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/4363 | vdb-entry, x_refsource_BID | |
| http://www.squid-cache.org/Advisories/SQUID-2002_2.txt | x_refsource_CONFIRM | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:19.squid.asc | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:42:27.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2002:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"name": "MDKSA-2002:027",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-027.php"
},
{
"name": "CSSA-2002-017.1",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-017.1.txt"
},
{
"name": "20020326 updated squid advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101716495023226\u0026w=2"
},
{
"name": "squid-dns-reply-dos(8628)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8628.php"
},
{
"name": "4363",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4363"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_2.txt"
},
{
"name": "FreeBSD-SA-02:19",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:19.squid.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-20T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2002:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"name": "MDKSA-2002:027",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-027.php"
},
{
"name": "CSSA-2002-017.1",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-017.1.txt"
},
{
"name": "20020326 updated squid advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101716495023226\u0026w=2"
},
{
"name": "squid-dns-reply-dos(8628)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8628.php"
},
{
"name": "4363",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4363"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_2.txt"
},
{
"name": "FreeBSD-SA-02:19",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:19.squid.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2002:051",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"name": "MDKSA-2002:027",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-027.php"
},
{
"name": "CSSA-2002-017.1",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-017.1.txt"
},
{
"name": "20020326 updated squid advisory",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101716495023226\u0026w=2"
},
{
"name": "squid-dns-reply-dos(8628)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8628.php"
},
{
"name": "4363",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4363"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2002_2.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_2.txt"
},
{
"name": "FreeBSD-SA-02:19",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:19.squid.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0163",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-03-28T00:00:00",
"dateUpdated": "2024-08-08T02:42:27.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-2414
Vulnerability from cvelistv5
Published
2007-11-01 17:00
Modified
2024-08-08 04:06
Severity ?
EPSS score ?
Summary
Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash).
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=full-disclosure&m=103783186608438&w=2 | mailing-list, x_refsource_FULLDISC | |
| http://www.securityfocus.com/bid/6218 | vdb-entry, x_refsource_BID | |
| http://www.iss.net/security_center/static/10673.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:06:53.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20021120 Opera 6.03/Linux crashes on HTTPS over Squid Proxy on a site",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=103783186608438\u0026w=2"
},
{
"name": "6218",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6218"
},
{
"name": "opera-squid-https-dos(10673)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10673.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20021120 Opera 6.03/Linux crashes on HTTPS over Squid Proxy on a site",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=103783186608438\u0026w=2"
},
{
"name": "6218",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6218"
},
{
"name": "opera-squid-https-dos(10673)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10673.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20021120 Opera 6.03/Linux crashes on HTTPS over Squid Proxy on a site",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=103783186608438\u0026w=2"
},
{
"name": "6218",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6218"
},
{
"name": "opera-squid-https-dos(10673)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10673.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2414",
"datePublished": "2007-11-01T17:00:00",
"dateReserved": "2007-11-01T00:00:00",
"dateUpdated": "2024-08-08T04:06:53.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2794
Vulnerability from cvelistv5
Published
2005-09-07 04:00
Modified
2024-08-07 22:45
Severity ?
EPSS score ?
Summary
store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:45:02.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:10276",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10276"
},
{
"name": "MDKSA-2005:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:162"
},
{
"name": "14761",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14761"
},
{
"name": "DSA-809",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-809"
},
{
"name": "SUSE-SA:2005:053",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_53_squid.html"
},
{
"name": "SUSE-SR:2005:021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_21_sr.html"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "GLSA-200509-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING"
},
{
"name": "RHSA-2005:766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-766.html"
},
{
"name": "17027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17027"
},
{
"name": "16977",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16977"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "oval:org.mitre.oval:def:10276",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10276"
},
{
"name": "MDKSA-2005:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:162"
},
{
"name": "14761",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14761"
},
{
"name": "DSA-809",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-809"
},
{
"name": "SUSE-SA:2005:053",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_53_squid.html"
},
{
"name": "SUSE-SR:2005:021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_21_sr.html"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "GLSA-200509-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING"
},
{
"name": "RHSA-2005:766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-766.html"
},
{
"name": "17027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17027"
},
{
"name": "16977",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16977"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-2794",
"datePublished": "2005-09-07T04:00:00",
"dateReserved": "2005-09-06T00:00:00",
"dateUpdated": "2024-08-07T22:45:02.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-2654
Vulnerability from cvelistv5
Published
2006-02-24 11:00
Modified
2024-08-08 01:36
Severity ?
EPSS score ?
Summary
The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor's bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.squid-cache.org/bugs/show_bug.cgi?id=972 | x_refsource_MISC | |
| http://securitytracker.com/id?1011214 | vdb-entry, x_refsource_SECTRACK | |
| http://www.osvdb.org/9801 | vdb-entry, x_refsource_OSVDB | |
| http://www.attrition.org/pipermail/vim/2006-February/000570.html | mailing-list, x_refsource_VIM | |
| http://secunia.com/advisories/12754 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/12508 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitylab.ru/47881.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:24.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=972"
},
{
"name": "1011214",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011214"
},
{
"name": "9801",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9801"
},
{
"name": "20060223 old Squid clientAbortBody issue - NOT an overflow?",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2006-February/000570.html"
},
{
"name": "12754",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12754"
},
{
"name": "12508",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12508"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securitylab.ru/47881.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor\u0027s bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-01-10T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=972"
},
{
"name": "1011214",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011214"
},
{
"name": "9801",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9801"
},
{
"name": "20060223 old Squid clientAbortBody issue - NOT an overflow?",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2006-February/000570.html"
},
{
"name": "12754",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12754"
},
{
"name": "12508",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12508"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securitylab.ru/47881.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor\u0027s bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/bugs/show_bug.cgi?id=972",
"refsource": "MISC",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=972"
},
{
"name": "1011214",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011214"
},
{
"name": "9801",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9801"
},
{
"name": "20060223 old Squid clientAbortBody issue - NOT an overflow?",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-February/000570.html"
},
{
"name": "12754",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12754"
},
{
"name": "12508",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12508"
},
{
"name": "http://www.securitylab.ru/47881.html",
"refsource": "MISC",
"url": "http://www.securitylab.ru/47881.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2654",
"datePublished": "2006-02-24T11:00:00",
"dateReserved": "2006-02-24T00:00:00",
"dateUpdated": "2024-08-08T01:36:24.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0097
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-07 20:57
Severity ?
EPSS score ?
Summary
The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth | x_refsource_CONFIRM | |
| http://www.trustix.org/errata/2005/0003/ | vendor-advisory, x_refsource_TRUSTIX | |
| http://fedoranews.org/updates/FEDORA--.shtml | vendor-advisory, x_refsource_FEDORA | |
| http://securitytracker.com/id?1012818 | vdb-entry, x_refsource_SECTRACK | |
| http://security.gentoo.org/glsa/glsa-200501-25.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.redhat.com/support/errata/RHSA-2005-061.html | vendor-advisory, x_refsource_REDHAT | |
| http://secunia.com/advisories/13789 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/12220 | vdb-entry, x_refsource_BID | |
| http://www.novell.com/linux/security/advisories/2005_06_squid.html | vendor-advisory, x_refsource_SUSE | |
| http://www.redhat.com/support/errata/RHSA-2005-060.html | vendor-advisory, x_refsource_REDHAT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11646 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:40.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth"
},
{
"name": "2005-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "1012818",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1012818"
},
{
"name": "GLSA-200501-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "13789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13789"
},
{
"name": "12220",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12220"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "oval:org.mitre.oval:def:11646",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11646"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth"
},
{
"name": "2005-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "1012818",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1012818"
},
{
"name": "GLSA-200501-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "13789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13789"
},
{
"name": "12220",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12220"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "oval:org.mitre.oval:def:11646",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11646"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth"
},
{
"name": "2005-0003",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "1012818",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012818"
},
{
"name": "GLSA-200501-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "RHSA-2005:061",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "13789",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13789"
},
{
"name": "12220",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12220"
},
{
"name": "SUSE-SA:2005:006",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "oval:org.mitre.oval:def:11646",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11646"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0097",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-18T00:00:00",
"dateUpdated": "2024-08-07T20:57:40.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0095
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-07 20:57
Severity ?
EPSS score ?
Summary
The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:41.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "2005-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "12275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12275"
},
{
"name": "12886",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/12886"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "GLSA-200501-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "DSA-651",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-651"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_denial_of_service.patch"
},
{
"name": "oval:org.mitre.oval:def:10269",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10269"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_2.txt"
},
{
"name": "1012882",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1012882"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "MDKSA-2005:014",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:014"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "13825",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13825"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid\u0027s home router and invalid WCCP_I_SEE_YOU cache numbers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "2005-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "12275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12275"
},
{
"name": "12886",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/12886"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "GLSA-200501-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "DSA-651",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-651"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_denial_of_service.patch"
},
{
"name": "oval:org.mitre.oval:def:10269",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10269"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_2.txt"
},
{
"name": "1012882",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1012882"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "MDKSA-2005:014",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:014"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "13825",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13825"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid\u0027s home router and invalid WCCP_I_SEE_YOU cache numbers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2005:923",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "2005-0003",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "12275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12275"
},
{
"name": "12886",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/12886"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "GLSA-200501-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "DSA-651",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-651"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_denial_of_service.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_denial_of_service.patch"
},
{
"name": "oval:org.mitre.oval:def:10269",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10269"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2005_2.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_2.txt"
},
{
"name": "1012882",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012882"
},
{
"name": "RHSA-2005:061",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "MDKSA-2005:014",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:014"
},
{
"name": "SUSE-SA:2005:006",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "13825",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13825"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0095",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-18T00:00:00",
"dateUpdated": "2024-08-07T20:57:41.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0094
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-07 20:57
Severity ?
EPSS score ?
Summary
Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:40.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "oval:org.mitre.oval:def:11146",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11146"
},
{
"name": "2005-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_1.txt"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "12276",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12276"
},
{
"name": "GLSA-200501-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "DSA-651",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-651"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "MDKSA-2005:014",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:014"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "13825",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13825"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-gopher_html_parsing.patch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "oval:org.mitre.oval:def:11146",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11146"
},
{
"name": "2005-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_1.txt"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "12276",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12276"
},
{
"name": "GLSA-200501-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "DSA-651",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-651"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "MDKSA-2005:014",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:014"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "13825",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13825"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-gopher_html_parsing.patch"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2005:923",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "oval:org.mitre.oval:def:11146",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11146"
},
{
"name": "2005-0003",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2005_1.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_1.txt"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "12276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12276"
},
{
"name": "GLSA-200501-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "DSA-651",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-651"
},
{
"name": "RHSA-2005:061",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "MDKSA-2005:014",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:014"
},
{
"name": "SUSE-SA:2005:006",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "13825",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13825"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-gopher_html_parsing.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-gopher_html_parsing.patch"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0094",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-18T00:00:00",
"dateUpdated": "2024-08-07T20:57:40.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-3258
Vulnerability from cvelistv5
Published
2005-10-20 04:00
Modified
2024-08-07 23:01
Severity ?
EPSS score ?
Summary
The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain "odd" responses.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/17626 | third-party-advisory, x_refsource_SECUNIA | |
| http://securitytracker.com/id?1015085 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/17287 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/17513 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/17338 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/17645 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/17271 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2005/2151 | vdb-entry, x_refsource_VUPEN | |
| http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE11-rfc1738_do_escape | x_refsource_CONFIRM | |
| http://www.novell.com/linux/security/advisories/2005_27_sr.html | vendor-advisory, x_refsource_SUSE | |
| http://secunia.com/advisories/17407 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:59.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17626",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17626"
},
{
"name": "1015085",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015085"
},
{
"name": "17287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17287"
},
{
"name": "17513",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17513"
},
{
"name": "17338",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17338"
},
{
"name": "17645",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17645"
},
{
"name": "17271",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17271"
},
{
"name": "ADV-2005-2151",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2151"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE11-rfc1738_do_escape"
},
{
"name": "SUSE-SR:2005:027",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
},
{
"name": "17407",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17407"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain \"odd\" responses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-04T13:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "17626",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17626"
},
{
"name": "1015085",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015085"
},
{
"name": "17287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17287"
},
{
"name": "17513",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17513"
},
{
"name": "17338",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17338"
},
{
"name": "17645",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17645"
},
{
"name": "17271",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17271"
},
{
"name": "ADV-2005-2151",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2151"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE11-rfc1738_do_escape"
},
{
"name": "SUSE-SR:2005:027",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
},
{
"name": "17407",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17407"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-3258",
"datePublished": "2005-10-20T04:00:00",
"dateReserved": "2005-10-19T00:00:00",
"dateUpdated": "2024-08-07T23:01:59.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0626
Vulnerability from cvelistv5
Published
2005-03-03 05:00
Modified
2024-08-07 21:21
Severity ?
EPSS score ?
Summary
Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-setcookie | x_refsource_CONFIRM | |
| http://fedoranews.org/updates/FEDORA--.shtml | vendor-advisory, x_refsource_FEDORA | |
| http://www.securityfocus.com/bid/12716 | vdb-entry, x_refsource_BID | |
| https://usn.ubuntu.com/93-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/19581 | vdb-entry, x_refsource_XF | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11169 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.redhat.com/support/errata/RHSA-2005-415.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:21:06.476Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-setcookie"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "12716",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12716"
},
{
"name": "USN-93-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/93-1/"
},
{
"name": "squid-set-cookie-race-condition(19581)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19581"
},
{
"name": "oval:org.mitre.oval:def:11169",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11169"
},
{
"name": "RHSA-2005:415",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-setcookie"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "12716",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12716"
},
{
"name": "USN-93-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/93-1/"
},
{
"name": "squid-set-cookie-race-condition(19581)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19581"
},
{
"name": "oval:org.mitre.oval:def:11169",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11169"
},
{
"name": "RHSA-2005:415",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-0626",
"datePublished": "2005-03-03T05:00:00",
"dateReserved": "2005-03-03T00:00:00",
"dateUpdated": "2024-08-07T21:21:06.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0247
Vulnerability from cvelistv5
Published
2007-01-16 18:00
Modified
2024-08-07 12:12
Severity ?
EPSS score ?
Summary
squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:12:17.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1857"
},
{
"name": "23921",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23921"
},
{
"name": "23946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23946"
},
{
"name": "22079",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22079"
},
{
"name": "ADV-2007-0199",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0199"
},
{
"name": "GLSA-200701-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml"
},
{
"name": "23810",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23810"
},
{
"name": "SUSE-SA:2007:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_12_squid.html"
},
{
"name": "MDKSA-2007:026",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:026"
},
{
"name": "2007-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2007/0003/"
},
{
"name": "USN-414-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-414-1"
},
{
"name": "23837",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23837"
},
{
"name": "23805",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23805"
},
{
"name": "23767",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23767"
},
{
"name": "39839",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39839"
},
{
"name": "FEDORA-2007-092",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/cms/node/2442"
},
{
"name": "23889",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23889"
},
{
"name": "squid-multiple-dos(31523)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31523"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1857"
},
{
"name": "23921",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23921"
},
{
"name": "23946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23946"
},
{
"name": "22079",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22079"
},
{
"name": "ADV-2007-0199",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0199"
},
{
"name": "GLSA-200701-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml"
},
{
"name": "23810",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23810"
},
{
"name": "SUSE-SA:2007:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_12_squid.html"
},
{
"name": "MDKSA-2007:026",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:026"
},
{
"name": "2007-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2007/0003/"
},
{
"name": "USN-414-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-414-1"
},
{
"name": "23837",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23837"
},
{
"name": "23805",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23805"
},
{
"name": "23767",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23767"
},
{
"name": "39839",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39839"
},
{
"name": "FEDORA-2007-092",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/cms/node/2442"
},
{
"name": "23889",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23889"
},
{
"name": "squid-multiple-dos(31523)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31523"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12"
},
{
"name": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1857",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1857"
},
{
"name": "23921",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23921"
},
{
"name": "23946",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23946"
},
{
"name": "22079",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22079"
},
{
"name": "ADV-2007-0199",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0199"
},
{
"name": "GLSA-200701-22",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml"
},
{
"name": "23810",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23810"
},
{
"name": "SUSE-SA:2007:012",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_12_squid.html"
},
{
"name": "MDKSA-2007:026",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:026"
},
{
"name": "2007-0003",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0003/"
},
{
"name": "USN-414-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-414-1"
},
{
"name": "23837",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23837"
},
{
"name": "23805",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23805"
},
{
"name": "23767",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23767"
},
{
"name": "39839",
"refsource": "OSVDB",
"url": "http://osvdb.org/39839"
},
{
"name": "FEDORA-2007-092",
"refsource": "FEDORA",
"url": "http://fedoranews.org/cms/node/2442"
},
{
"name": "23889",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23889"
},
{
"name": "squid-multiple-dos(31523)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31523"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0247",
"datePublished": "2007-01-16T18:00:00",
"dateReserved": "2007-01-16T00:00:00",
"dateUpdated": "2024-08-07T12:12:17.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0067
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:35
Severity ?
EPSS score ?
Summary
Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.squid-cache.org/Versions/v2/2.4/bugs/ | x_refsource_CONFIRM | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464 | vendor-advisory, x_refsource_CONECTIVA | |
| http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php | vendor-advisory, x_refsource_MANDRAKE | |
| http://marc.info/?l=bugtraq&m=101443252627021&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html | vendor-advisory, x_refsource_CALDERA | |
| http://www.iss.net/security_center/static/8261.php | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/4150 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=101431040422095&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.redhat.com/support/errata/RHSA-2002-029.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.osvdb.org/5379 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:17.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "CLA-2002:464",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"name": "MDKSA-2002:016",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"name": "20020222 TSLSA-2002-0031 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"name": "FreeBSD-SA-02:12",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"name": "CSSA-2002-SCO.7",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"name": "squid-htcp-enabled(8261)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8261.php"
},
{
"name": "4150",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4150"
},
{
"name": "20020221 Squid HTTP Proxy Security Update Advisory 2002:1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"name": "RHSA-2002:029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"name": "5379",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5379"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when \"htcp_port 0\" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-08-17T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "CLA-2002:464",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"name": "MDKSA-2002:016",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"name": "20020222 TSLSA-2002-0031 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"name": "FreeBSD-SA-02:12",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"name": "CSSA-2002-SCO.7",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"name": "squid-htcp-enabled(8261)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8261.php"
},
{
"name": "4150",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4150"
},
{
"name": "20020221 Squid HTTP Proxy Security Update Advisory 2002:1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"name": "RHSA-2002:029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"name": "5379",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5379"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when \"htcp_port 0\" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v2/2.4/bugs/",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "CLA-2002:464",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"name": "MDKSA-2002:016",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"name": "20020222 TSLSA-2002-0031 - squid",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"name": "FreeBSD-SA-02:12",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"name": "CSSA-2002-SCO.7",
"refsource": "CALDERA",
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"name": "squid-htcp-enabled(8261)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8261.php"
},
{
"name": "4150",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4150"
},
{
"name": "20020221 Squid HTTP Proxy Security Update Advisory 2002:1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"name": "RHSA-2002:029",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"name": "5379",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5379"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0067",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-02-19T00:00:00",
"dateUpdated": "2024-08-08T02:35:17.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1345
Vulnerability from cvelistv5
Published
2005-04-28 04:00
Modified
2024-08-07 21:44
Severity ?
EPSS score ?
Summary
Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator.
References
| ▼ | URL | Tags |
|---|---|---|
| http://fedoranews.org/updates/FEDORA--.shtml | vendor-advisory, x_refsource_FEDORA | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000948 | vendor-advisory, x_refsource_CONECTIVA | |
| http://www.squid-cache.org/bugs/show_bug.cgi?id=1255 | x_refsource_CONFIRM | |
| http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_error | x_refsource_CONFIRM | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10513 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.redhat.com/support/errata/RHSA-2005-415.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2005/dsa-721 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:44:06.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "CLA-2005:948",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000948"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1255"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_error"
},
{
"name": "oval:org.mitre.oval:def:10513",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10513"
},
{
"name": "RHSA-2005:415",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
},
{
"name": "DSA-721",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-721"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "CLA-2005:948",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000948"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1255"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_error"
},
{
"name": "oval:org.mitre.oval:def:10513",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10513"
},
{
"name": "RHSA-2005:415",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
},
{
"name": "DSA-721",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-721"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-1345",
"datePublished": "2005-04-28T04:00:00",
"dateReserved": "2005-04-28T00:00:00",
"dateUpdated": "2024-08-07T21:44:06.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0175
Vulnerability from cvelistv5
Published
2005-02-06 05:00
Modified
2024-08-07 21:05
Severity ?
EPSS score ?
Summary
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:25.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting"
},
{
"name": "FEDORA-2005-373",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_5.txt"
},
{
"name": "VU#625878",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/625878"
},
{
"name": "oval:org.mitre.oval:def:11605",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11605"
},
{
"name": "12433",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12433"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "CLA-2005:931",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "MDKSA-2005:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"name": "DSA-667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"name": "20050207 [USN-77-1] Squid vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting"
},
{
"name": "FEDORA-2005-373",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_5.txt"
},
{
"name": "VU#625878",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/625878"
},
{
"name": "oval:org.mitre.oval:def:11605",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11605"
},
{
"name": "12433",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12433"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "CLA-2005:931",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "MDKSA-2005:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"name": "DSA-667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"name": "20050207 [USN-77-1] Squid vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting"
},
{
"name": "FEDORA-2005-373",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2005_5.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_5.txt"
},
{
"name": "VU#625878",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/625878"
},
{
"name": "oval:org.mitre.oval:def:11605",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11605"
},
{
"name": "12433",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12433"
},
{
"name": "RHSA-2005:061",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "CLA-2005:931",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "MDKSA-2005:034",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"name": "DSA-667",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"name": "20050207 [USN-77-1] Squid vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"name": "SUSE-SA:2005:006",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0175",
"datePublished": "2005-02-06T05:00:00",
"dateReserved": "2005-01-27T00:00:00",
"dateUpdated": "2024-08-07T21:05:25.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0069
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:35
Severity ?
EPSS score ?
Summary
Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.squid-cache.org/Versions/v2/2.4/bugs/ | x_refsource_CONFIRM | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464 | vendor-advisory, x_refsource_CONECTIVA | |
| http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php | vendor-advisory, x_refsource_MANDRAKE | |
| http://marc.info/?l=bugtraq&m=101443252627021&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html | vendor-advisory, x_refsource_CALDERA | |
| http://www.iss.net/security_center/static/8260.php | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=101431040422095&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.redhat.com/support/errata/RHSA-2002-029.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/4146 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:17.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "CLA-2002:464",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"name": "MDKSA-2002:016",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"name": "20020222 TSLSA-2002-0031 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"name": "FreeBSD-SA-02:12",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"name": "CSSA-2002-SCO.7",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"name": "squid-snmp-dos(8260)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8260.php"
},
{
"name": "20020221 Squid HTTP Proxy Security Update Advisory 2002:1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"name": "RHSA-2002:029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"name": "4146",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4146"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-08-17T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "CLA-2002:464",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"name": "MDKSA-2002:016",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"name": "20020222 TSLSA-2002-0031 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"name": "FreeBSD-SA-02:12",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"name": "CSSA-2002-SCO.7",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"name": "squid-snmp-dos(8260)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8260.php"
},
{
"name": "20020221 Squid HTTP Proxy Security Update Advisory 2002:1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"name": "RHSA-2002:029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"name": "4146",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4146"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v2/2.4/bugs/",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "CLA-2002:464",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"name": "MDKSA-2002:016",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"name": "20020222 TSLSA-2002-0031 - squid",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"name": "FreeBSD-SA-02:12",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"name": "CSSA-2002-SCO.7",
"refsource": "CALDERA",
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"name": "squid-snmp-dos(8260)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8260.php"
},
{
"name": "20020221 Squid HTTP Proxy Security Update Advisory 2002:1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"name": "RHSA-2002:029",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"name": "4146",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4146"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0069",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-02-19T00:00:00",
"dateUpdated": "2024-08-08T02:35:17.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-1560
Vulnerability from cvelistv5
Published
2007-03-21 18:00
Modified
2024-08-07 12:59
Severity ?
EPSS score ?
Summary
The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200703-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200703-27.xml"
},
{
"name": "ADV-2007-1035",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1035"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.6/changesets/11349.patch"
},
{
"name": "24611",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24611"
},
{
"name": "SUSE-SR:2007:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
},
{
"name": "23085",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23085"
},
{
"name": "24625",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24625"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2007_1.txt"
},
{
"name": "oval:org.mitre.oval:def:10291",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10291"
},
{
"name": "MDKSA-2007:068",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:068"
},
{
"name": "USN-441-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-441-1"
},
{
"name": "1017805",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017805"
},
{
"name": "24662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24662"
},
{
"name": "squid-clientprocessrequest-dos(33124)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33124"
},
{
"name": "24911",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24911"
},
{
"name": "RHSA-2007:0131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0131.html"
},
{
"name": "24614",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24614"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-200703-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200703-27.xml"
},
{
"name": "ADV-2007-1035",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1035"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.6/changesets/11349.patch"
},
{
"name": "24611",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24611"
},
{
"name": "SUSE-SR:2007:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
},
{
"name": "23085",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23085"
},
{
"name": "24625",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24625"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2007_1.txt"
},
{
"name": "oval:org.mitre.oval:def:10291",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10291"
},
{
"name": "MDKSA-2007:068",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:068"
},
{
"name": "USN-441-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-441-1"
},
{
"name": "1017805",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017805"
},
{
"name": "24662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24662"
},
{
"name": "squid-clientprocessrequest-dos(33124)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33124"
},
{
"name": "24911",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24911"
},
{
"name": "RHSA-2007:0131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0131.html"
},
{
"name": "24614",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24614"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2007-1560",
"datePublished": "2007-03-21T18:00:00",
"dateReserved": "2007-03-21T00:00:00",
"dateUpdated": "2024-08-07T12:59:08.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0713
Vulnerability from cvelistv5
Published
2002-07-23 04:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "squid-ftp-dir-bo(9481)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9481.php"
},
{
"name": "20020715 TSLSA-2002-0062 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"name": "CSSA-2002-046.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"name": "squid-gopher-bo(9480)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9480.php"
},
{
"name": "5157",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5157"
},
{
"name": "squid-msnt-helper-bo(9482)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9482.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "RHSA-2002:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"name": "5155",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5155"
},
{
"name": "5156",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5156"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name": "RHSA-2002:130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name": "MDKSA-2002:044",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "squid-ftp-dir-bo(9481)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9481.php"
},
{
"name": "20020715 TSLSA-2002-0062 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"name": "CSSA-2002-046.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"name": "squid-gopher-bo(9480)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9480.php"
},
{
"name": "5157",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5157"
},
{
"name": "squid-msnt-helper-bo(9482)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9482.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "RHSA-2002:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"name": "5155",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5155"
},
{
"name": "5156",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5156"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name": "RHSA-2002:130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name": "MDKSA-2002:044",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "squid-ftp-dir-bo(9481)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9481.php"
},
{
"name": "20020715 TSLSA-2002-0062 - squid",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"name": "CSSA-2002-046.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"name": "squid-gopher-bo(9480)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9480.php"
},
{
"name": "5157",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5157"
},
{
"name": "squid-msnt-helper-bo(9482)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9482.php"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.4/bugs/",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "RHSA-2002:051",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"name": "5155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5155"
},
{
"name": "5156",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5156"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name": "RHSA-2002:130",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name": "MDKSA-2002:044",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0713",
"datePublished": "2002-07-23T04:00:00",
"dateReserved": "2002-07-20T00:00:00",
"dateUpdated": "2024-08-08T02:56:38.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0248
Vulnerability from cvelistv5
Published
2007-01-16 18:00
Modified
2024-08-07 12:12
Severity ?
EPSS score ?
Summary
The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:12:17.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12"
},
{
"name": "22203",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22203"
},
{
"name": "23921",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23921"
},
{
"name": "23946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23946"
},
{
"name": "ADV-2007-0199",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0199"
},
{
"name": "GLSA-200701-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml"
},
{
"name": "SUSE-SA:2007:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_12_squid.html"
},
{
"name": "MDKSA-2007:026",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:026"
},
{
"name": "squid-externalacl-dos(31525)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31525"
},
{
"name": "USN-414-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-414-1"
},
{
"name": "23805",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23805"
},
{
"name": "23767",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23767"
},
{
"name": "23889",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23889"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1848"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12"
},
{
"name": "22203",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22203"
},
{
"name": "23921",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23921"
},
{
"name": "23946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23946"
},
{
"name": "ADV-2007-0199",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0199"
},
{
"name": "GLSA-200701-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml"
},
{
"name": "SUSE-SA:2007:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_12_squid.html"
},
{
"name": "MDKSA-2007:026",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:026"
},
{
"name": "squid-externalacl-dos(31525)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31525"
},
{
"name": "USN-414-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-414-1"
},
{
"name": "23805",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23805"
},
{
"name": "23767",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23767"
},
{
"name": "23889",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23889"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1848"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12"
},
{
"name": "22203",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22203"
},
{
"name": "23921",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23921"
},
{
"name": "23946",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23946"
},
{
"name": "ADV-2007-0199",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0199"
},
{
"name": "GLSA-200701-22",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml"
},
{
"name": "SUSE-SA:2007:012",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_12_squid.html"
},
{
"name": "MDKSA-2007:026",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:026"
},
{
"name": "squid-externalacl-dos(31525)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31525"
},
{
"name": "USN-414-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-414-1"
},
{
"name": "23805",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23805"
},
{
"name": "23767",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23767"
},
{
"name": "23889",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23889"
},
{
"name": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1848",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1848"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0248",
"datePublished": "2007-01-16T18:00:00",
"dateReserved": "2007-01-16T00:00:00",
"dateUpdated": "2024-08-07T12:12:17.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0194
Vulnerability from cvelistv5
Published
2005-02-06 05:00
Modified
2024-08-07 21:05
Severity ?
EPSS score ?
Summary
Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings.
References
| ▼ | URL | Tags |
|---|---|---|
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923 | vendor-advisory, x_refsource_CONECTIVA | |
| http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls | x_refsource_CONFIRM | |
| http://marc.info/?l=bugtraq&m=110901183320453&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch | x_refsource_CONFIRM | |
| http://fedoranews.org/updates/FEDORA--.shtml | vendor-advisory, x_refsource_FEDORA | |
| http://www.squid-cache.org/bugs/show_bug.cgi?id=1166 | x_refsource_CONFIRM | |
| http://www.debian.org/security/2005/dsa-667 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.kb.cert.org/vuls/id/260421 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:24.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls"
},
{
"name": "20050221 [USN-84-1] Squid vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110901183320453\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1166"
},
{
"name": "DSA-667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"name": "VU#260421",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/260421"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls"
},
{
"name": "20050221 [USN-84-1] Squid vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110901183320453\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1166"
},
{
"name": "DSA-667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"name": "VU#260421",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/260421"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2005:923",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls"
},
{
"name": "20050221 [USN-84-1] Squid vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110901183320453\u0026w=2"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1166",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1166"
},
{
"name": "DSA-667",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"name": "VU#260421",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/260421"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0194",
"datePublished": "2005-02-06T05:00:00",
"dateReserved": "2005-01-31T00:00:00",
"dateUpdated": "2024-08-07T21:05:24.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0832
Vulnerability from cvelistv5
Published
2004-09-28 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www1.uk.squid-cache.org/squid/Versions/v2/2.5/bugs/#squid-2.5.STABLE6-ntlm_fetch_string | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/11098 | vdb-entry, x_refsource_BID | |
| http://www.squid-cache.org/bugs/show_bug.cgi?id=1045 | x_refsource_CONFIRM | |
| http://www.gentoo.org/security/en/glsa/glsa-200409-04.xml | vendor-advisory, x_refsource_GENTOO | |
| http://fedoranews.org/updates/FEDORA--.shtml | vendor-advisory, x_refsource_FEDORA | |
| http://www.trustix.org/errata/2004/0047/ | vendor-advisory, x_refsource_TRUSTIX | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10489 | vdb-entry, signature, x_refsource_OVAL | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17218 | vdb-entry, x_refsource_XF | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2004:093 | vendor-advisory, x_refsource_MANDRAKE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:47.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www1.uk.squid-cache.org/squid/Versions/v2/2.5/bugs/#squid-2.5.STABLE6-ntlm_fetch_string"
},
{
"name": "11098",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11098"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1045"
},
{
"name": "GLSA-200409-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-04.xml"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "2004-0047",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2004/0047/"
},
{
"name": "oval:org.mitre.oval:def:10489",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10489"
},
{
"name": "squid-ntlmssp-dos(17218)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17218"
},
{
"name": "MDKSA-2004:093",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:093"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www1.uk.squid-cache.org/squid/Versions/v2/2.5/bugs/#squid-2.5.STABLE6-ntlm_fetch_string"
},
{
"name": "11098",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11098"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1045"
},
{
"name": "GLSA-200409-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-04.xml"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "2004-0047",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2004/0047/"
},
{
"name": "oval:org.mitre.oval:def:10489",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10489"
},
{
"name": "squid-ntlmssp-dos(17218)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17218"
},
{
"name": "MDKSA-2004:093",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:093"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www1.uk.squid-cache.org/squid/Versions/v2/2.5/bugs/#squid-2.5.STABLE6-ntlm_fetch_string",
"refsource": "CONFIRM",
"url": "http://www1.uk.squid-cache.org/squid/Versions/v2/2.5/bugs/#squid-2.5.STABLE6-ntlm_fetch_string"
},
{
"name": "11098",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11098"
},
{
"name": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1045",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1045"
},
{
"name": "GLSA-200409-04",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-04.xml"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "2004-0047",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2004/0047/"
},
{
"name": "oval:org.mitre.oval:def:10489",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10489"
},
{
"name": "squid-ntlmssp-dos(17218)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17218"
},
{
"name": "MDKSA-2004:093",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:093"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0832",
"datePublished": "2004-09-28T04:00:00",
"dateReserved": "2004-09-08T00:00:00",
"dateUpdated": "2024-08-08T00:31:47.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0173
Vulnerability from cvelistv5
Published
2005-02-06 05:00
Modified
2024-08-07 21:05
Severity ?
EPSS score ?
Summary
squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:25.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "VU#924198",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/924198"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch"
},
{
"name": "12431",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12431"
},
{
"name": "oval:org.mitre.oval:def:10251",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10251"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "MDKSA-2005:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"name": "DSA-667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"name": "20050207 [USN-77-1] Squid vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1187"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "VU#924198",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/924198"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch"
},
{
"name": "12431",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12431"
},
{
"name": "oval:org.mitre.oval:def:10251",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10251"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "MDKSA-2005:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"name": "DSA-667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"name": "20050207 [USN-77-1] Squid vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1187"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2005:923",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "VU#924198",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/924198"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch"
},
{
"name": "12431",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12431"
},
{
"name": "oval:org.mitre.oval:def:10251",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10251"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces"
},
{
"name": "RHSA-2005:061",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "MDKSA-2005:034",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"name": "DSA-667",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"name": "20050207 [USN-77-1] Squid vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"name": "SUSE-SA:2005:006",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1187",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1187"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0173",
"datePublished": "2005-02-06T05:00:00",
"dateReserved": "2005-01-27T00:00:00",
"dateUpdated": "2024-08-07T21:05:25.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0714
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=102674543407606&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt | vendor-advisory, x_refsource_CALDERA | |
| http://www.squid-cache.org/Versions/v2/2.4/bugs/ | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2002-051.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.squid-cache.org/Advisories/SQUID-2002_3.txt | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2002-130.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php | vendor-advisory, x_refsource_MANDRAKE | |
| http://www.securityfocus.com/bid/5158 | vdb-entry, x_refsource_BID | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000506 | vendor-advisory, x_refsource_CONECTIVA | |
| http://www.iss.net/security_center/static/9479.php | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/5924 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020715 TSLSA-2002-0062 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"name": "CSSA-2002-046.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "RHSA-2002:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name": "RHSA-2002:130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name": "MDKSA-2002:044",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"name": "5158",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5158"
},
{
"name": "CLA-2002:506",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000506"
},
{
"name": "squid-ftp-data-injection(9479)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9479.php"
},
{
"name": "5924",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5924"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-10-16T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020715 TSLSA-2002-0062 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"name": "CSSA-2002-046.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "RHSA-2002:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name": "RHSA-2002:130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name": "MDKSA-2002:044",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"name": "5158",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5158"
},
{
"name": "CLA-2002:506",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000506"
},
{
"name": "squid-ftp-data-injection(9479)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9479.php"
},
{
"name": "5924",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5924"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020715 TSLSA-2002-0062 - squid",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"name": "CSSA-2002-046.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.4/bugs/",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "RHSA-2002:051",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name": "RHSA-2002:130",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name": "MDKSA-2002:044",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"name": "5158",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5158"
},
{
"name": "CLA-2002:506",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000506"
},
{
"name": "squid-ftp-data-injection(9479)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9479.php"
},
{
"name": "5924",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5924"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0714",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-07-20T00:00:00",
"dateUpdated": "2024-08-08T02:56:38.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1711
Vulnerability from cvelistv5
Published
2005-05-24 04:00
Modified
2024-09-16 17:33
Severity ?
EPSS score ?
Summary
Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1014030 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:59:24.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1014030",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014030"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-05-24T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1014030",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014030"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014030",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014030"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1711",
"datePublished": "2005-05-24T04:00:00Z",
"dateReserved": "2005-05-24T00:00:00Z",
"dateUpdated": "2024-09-16T17:33:14.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0718
Vulnerability from cvelistv5
Published
2005-03-12 05:00
Modified
2024-08-07 21:21
Severity ?
EPSS score ?
Summary
Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.squid-cache.org/bugs/show_bug.cgi?id=1224 | x_refsource_CONFIRM | |
| http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post | x_refsource_CONFIRM | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11562 | vdb-entry, signature, x_refsource_OVAL | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/19919 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/13166 | vdb-entry, x_refsource_BID | |
| http://fedoranews.org/updates/FEDORA--.shtml | vendor-advisory, x_refsource_FEDORA | |
| http://secunia.com/advisories/12508 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.redhat.com/support/errata/RHSA-2005-489.html | vendor-advisory, x_refsource_REDHAT | |
| https://usn.ubuntu.com/111-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931 | vendor-advisory, x_refsource_CONECTIVA | |
| http://www.redhat.com/support/errata/RHSA-2005-415.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:21:06.764Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1224"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post"
},
{
"name": "oval:org.mitre.oval:def:11562",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11562"
},
{
"name": "squid-put-post-dos(19919)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19919"
},
{
"name": "13166",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13166"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "12508",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12508"
},
{
"name": "RHSA-2005:489",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-489.html"
},
{
"name": "USN-111-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/111-1/"
},
{
"name": "CLA-2005:931",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "RHSA-2005:415",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1224"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post"
},
{
"name": "oval:org.mitre.oval:def:11562",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11562"
},
{
"name": "squid-put-post-dos(19919)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19919"
},
{
"name": "13166",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13166"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "12508",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12508"
},
{
"name": "RHSA-2005:489",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-489.html"
},
{
"name": "USN-111-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/111-1/"
},
{
"name": "CLA-2005:931",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "RHSA-2005:415",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1224",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1224"
},
{
"name": "http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post",
"refsource": "CONFIRM",
"url": "http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post"
},
{
"name": "oval:org.mitre.oval:def:11562",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11562"
},
{
"name": "squid-put-post-dos(19919)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19919"
},
{
"name": "13166",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13166"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "12508",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12508"
},
{
"name": "RHSA-2005:489",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-489.html"
},
{
"name": "USN-111-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/111-1/"
},
{
"name": "CLA-2005:931",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "RHSA-2005:415",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0718",
"datePublished": "2005-03-12T05:00:00",
"dateReserved": "2005-03-12T00:00:00",
"dateUpdated": "2024-08-07T21:21:06.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0189
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 00:10
Severity ?
EPSS score ?
Summary
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SCOSA-2005.16",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"
},
{
"name": "20040404-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2004_1.txt"
},
{
"name": "squid-urlregex-acl-bypass(15366)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15366"
},
{
"name": "DSA-474",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-474"
},
{
"name": "oval:org.mitre.oval:def:877",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A877"
},
{
"name": "9778",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9778"
},
{
"name": "MDKSA-2004:025",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025"
},
{
"name": "oval:org.mitre.oval:def:941",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A941"
},
{
"name": "RHSA-2004:133",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-133.html"
},
{
"name": "RHSA-2004:134",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-134.html"
},
{
"name": "20040401 [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108084935904110\u0026w=2"
},
{
"name": "GLSA-200403-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200403-11.xml"
},
{
"name": "CLA-2004:838",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000838"
},
{
"name": "5916",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5916"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The \"%xx\" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL (\"%00\") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-09-15T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SCOSA-2005.16",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"
},
{
"name": "20040404-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2004_1.txt"
},
{
"name": "squid-urlregex-acl-bypass(15366)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15366"
},
{
"name": "DSA-474",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-474"
},
{
"name": "oval:org.mitre.oval:def:877",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A877"
},
{
"name": "9778",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9778"
},
{
"name": "MDKSA-2004:025",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025"
},
{
"name": "oval:org.mitre.oval:def:941",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A941"
},
{
"name": "RHSA-2004:133",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-133.html"
},
{
"name": "RHSA-2004:134",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-134.html"
},
{
"name": "20040401 [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108084935904110\u0026w=2"
},
{
"name": "GLSA-200403-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200403-11.xml"
},
{
"name": "CLA-2004:838",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000838"
},
{
"name": "5916",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5916"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0189",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"%xx\" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL (\"%00\") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SCOSA-2005.16",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"
},
{
"name": "20040404-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2004_1.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2004_1.txt"
},
{
"name": "squid-urlregex-acl-bypass(15366)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15366"
},
{
"name": "DSA-474",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-474"
},
{
"name": "oval:org.mitre.oval:def:877",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A877"
},
{
"name": "9778",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9778"
},
{
"name": "MDKSA-2004:025",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025"
},
{
"name": "oval:org.mitre.oval:def:941",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A941"
},
{
"name": "RHSA-2004:133",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-133.html"
},
{
"name": "RHSA-2004:134",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-134.html"
},
{
"name": "20040401 [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108084935904110\u0026w=2"
},
{
"name": "GLSA-200403-11",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200403-11.xml"
},
{
"name": "CLA-2004:838",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000838"
},
{
"name": "5916",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5916"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0189",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2004-03-03T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2917
Vulnerability from cvelistv5
Published
2005-09-30 04:00
Modified
2024-08-07 22:53
Severity ?
EPSS score ?
Summary
Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:29.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-192-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-192-1/"
},
{
"name": "1014920",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014920"
},
{
"name": "20060401-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "SCOSA-2005.49",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
},
{
"name": "16992",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16992"
},
{
"name": "14977",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14977"
},
{
"name": "19607",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/19607"
},
{
"name": "MDKSA-2005:181",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:181"
},
{
"name": "squid-ntlm-authentication-dos(24282)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24282"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "17050",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17050"
},
{
"name": "RHSA-2006:0052",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0052.html"
},
{
"name": "oval:org.mitre.oval:def:11580",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11580"
},
{
"name": "19532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19532"
},
{
"name": "17177",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17177"
},
{
"name": "19161",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19161"
},
{
"name": "17015",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17015"
},
{
"name": "RHSA-2006:0045",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0045.html"
},
{
"name": "DSA-828",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-828"
},
{
"name": "SUSE-SR:2005:027",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-192-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-192-1/"
},
{
"name": "1014920",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014920"
},
{
"name": "20060401-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "SCOSA-2005.49",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
},
{
"name": "16992",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16992"
},
{
"name": "14977",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14977"
},
{
"name": "19607",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/19607"
},
{
"name": "MDKSA-2005:181",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:181"
},
{
"name": "squid-ntlm-authentication-dos(24282)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24282"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "17050",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17050"
},
{
"name": "RHSA-2006:0052",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0052.html"
},
{
"name": "oval:org.mitre.oval:def:11580",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11580"
},
{
"name": "19532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19532"
},
{
"name": "17177",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17177"
},
{
"name": "19161",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19161"
},
{
"name": "17015",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17015"
},
{
"name": "RHSA-2006:0045",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0045.html"
},
{
"name": "DSA-828",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-828"
},
{
"name": "SUSE-SR:2005:027",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-2917",
"datePublished": "2005-09-30T04:00:00",
"dateReserved": "2005-09-15T00:00:00",
"dateUpdated": "2024-08-07T22:53:29.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0715
Vulnerability from cvelistv5
Published
2002-07-23 04:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=102674543407606&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt | vendor-advisory, x_refsource_CALDERA | |
| http://www.squid-cache.org/Versions/v2/2.4/bugs/ | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2002-051.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.squid-cache.org/Advisories/SQUID-2002_3.txt | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2002-130.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php | vendor-advisory, x_refsource_MANDRAKE | |
| http://www.iss.net/security_center/static/9478.php | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/5154 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.734Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020715 TSLSA-2002-0062 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"name": "CSSA-2002-046.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "RHSA-2002:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name": "RHSA-2002:130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name": "MDKSA-2002:044",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"name": "squid-auth-header-forwarding(9478)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9478.php"
},
{
"name": "5154",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5154"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user\u0027s proxy login and password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020715 TSLSA-2002-0062 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"name": "CSSA-2002-046.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "RHSA-2002:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name": "RHSA-2002:130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name": "MDKSA-2002:044",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"name": "squid-auth-header-forwarding(9478)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9478.php"
},
{
"name": "5154",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5154"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user\u0027s proxy login and password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020715 TSLSA-2002-0062 - squid",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"name": "CSSA-2002-046.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.4/bugs/",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "RHSA-2002:051",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name": "RHSA-2002:130",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name": "MDKSA-2002:044",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"name": "squid-auth-header-forwarding(9478)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9478.php"
},
{
"name": "5154",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5154"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0715",
"datePublished": "2002-07-23T04:00:00",
"dateReserved": "2002-07-20T00:00:00",
"dateUpdated": "2024-08-08T02:56:38.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0241
Vulnerability from cvelistv5
Published
2005-02-08 05:00
Modified
2024-08-07 21:05
Severity ?
EPSS score ?
Summary
The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:25.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14091",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14091"
},
{
"name": "VU#823350",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/823350"
},
{
"name": "12412",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12412"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1216"
},
{
"name": "oval:org.mitre.oval:def:10998",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10998"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "squid-http-cache-poisoning(19060)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19060"
},
{
"name": "CLA-2005:931",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling \"oversized\" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "14091",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14091"
},
{
"name": "VU#823350",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/823350"
},
{
"name": "12412",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12412"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1216"
},
{
"name": "oval:org.mitre.oval:def:10998",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10998"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "squid-http-cache-poisoning(19060)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19060"
},
{
"name": "CLA-2005:931",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-0241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling \"oversized\" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14091",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14091"
},
{
"name": "VU#823350",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/823350"
},
{
"name": "12412",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12412"
},
{
"name": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1216",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1216"
},
{
"name": "oval:org.mitre.oval:def:10998",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10998"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "RHSA-2005:061",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "squid-http-cache-poisoning(19060)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19060"
},
{
"name": "CLA-2005:931",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers"
},
{
"name": "SUSE-SA:2005:006",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2005-0241",
"datePublished": "2005-02-08T05:00:00",
"dateReserved": "2005-02-08T00:00:00",
"dateUpdated": "2024-08-07T21:05:25.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0096
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-07 20:57
Severity ?
EPSS score ?
Summary
Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption).
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:40.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth"
},
{
"name": "12324",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12324"
},
{
"name": "2005-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "1012818",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1012818"
},
{
"name": "GLSA-200501-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "oval:org.mitre.oval:def:10233",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10233"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth"
},
{
"name": "12324",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12324"
},
{
"name": "2005-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "1012818",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1012818"
},
{
"name": "GLSA-200501-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "oval:org.mitre.oval:def:10233",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10233"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2005:923",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth"
},
{
"name": "12324",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12324"
},
{
"name": "2005-0003",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "1012818",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012818"
},
{
"name": "GLSA-200501-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "oval:org.mitre.oval:def:10233",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10233"
},
{
"name": "RHSA-2005:061",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "SUSE-SA:2005:006",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0096",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-18T00:00:00",
"dateUpdated": "2024-08-07T20:57:40.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0478
Vulnerability from cvelistv5
Published
2009-02-08 22:00
Modified
2024-08-07 04:31
Severity ?
EPSS score ?
Summary
Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/33604 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/33731 | third-party-advisory, x_refsource_SECUNIA | |
| http://security.gentoo.org/glsa/glsa-200903-38.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/archive/1/500653/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html | vendor-advisory, x_refsource_SUSE | |
| https://bugzilla.redhat.com/show_bug.cgi?id=484246 | x_refsource_CONFIRM | |
| http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1021684 | vdb-entry, x_refsource_SECTRACK | |
| http://www.squid-cache.org/Advisories/SQUID-2009_1.txt | x_refsource_CONFIRM | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2009:034 | vendor-advisory, x_refsource_MANDRIVA | |
| https://www.exploit-db.com/exploits/8021 | exploit, x_refsource_EXPLOIT-DB | |
| http://secunia.com/advisories/34467 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:31:26.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33604",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33604"
},
{
"name": "33731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33731"
},
{
"name": "GLSA-200903-38",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200903-38.xml"
},
{
"name": "20090204 Squid Proxy Cache Denial of Service in request handling",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/500653/100/0/threaded"
},
{
"name": "SUSE-SR:2009:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=484246"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch"
},
{
"name": "1021684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021684"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2009_1.txt"
},
{
"name": "MDVSA-2009:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:034"
},
{
"name": "8021",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/8021"
},
{
"name": "34467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34467"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33604",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33604"
},
{
"name": "33731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33731"
},
{
"name": "GLSA-200903-38",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200903-38.xml"
},
{
"name": "20090204 Squid Proxy Cache Denial of Service in request handling",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/500653/100/0/threaded"
},
{
"name": "SUSE-SR:2009:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=484246"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch"
},
{
"name": "1021684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021684"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2009_1.txt"
},
{
"name": "MDVSA-2009:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:034"
},
{
"name": "8021",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/8021"
},
{
"name": "34467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34467"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33604"
},
{
"name": "33731",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33731"
},
{
"name": "GLSA-200903-38",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200903-38.xml"
},
{
"name": "20090204 Squid Proxy Cache Denial of Service in request handling",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500653/100/0/threaded"
},
{
"name": "SUSE-SR:2009:005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=484246",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=484246"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch"
},
{
"name": "1021684",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021684"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2009_1.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2009_1.txt"
},
{
"name": "MDVSA-2009:034",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:034"
},
{
"name": "8021",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8021"
},
{
"name": "34467",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34467"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0478",
"datePublished": "2009-02-08T22:00:00",
"dateReserved": "2009-02-08T00:00:00",
"dateUpdated": "2024-08-07T04:31:26.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2796
Vulnerability from cvelistv5
Published
2005-09-07 04:00
Modified
2024-08-07 22:45
Severity ?
EPSS score ?
Summary
The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:45:02.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14731",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14731"
},
{
"name": "oval:org.mitre.oval:def:10522",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10522"
},
{
"name": "MDKSA-2005:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:162"
},
{
"name": "1014846",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014846"
},
{
"name": "DSA-809",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-809"
},
{
"name": "SUSE-SA:2005:053",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_53_squid.html"
},
{
"name": "SUSE-SR:2005:021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_21_sr.html"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "GLSA-200509-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout"
},
{
"name": "RHSA-2005:766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-766.html"
},
{
"name": "17027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17027"
},
{
"name": "16977",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16977"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "14731",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14731"
},
{
"name": "oval:org.mitre.oval:def:10522",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10522"
},
{
"name": "MDKSA-2005:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:162"
},
{
"name": "1014846",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014846"
},
{
"name": "DSA-809",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-809"
},
{
"name": "SUSE-SA:2005:053",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_53_squid.html"
},
{
"name": "SUSE-SR:2005:021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_21_sr.html"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "GLSA-200509-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout"
},
{
"name": "RHSA-2005:766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-766.html"
},
{
"name": "17027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17027"
},
{
"name": "16977",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16977"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-2796",
"datePublished": "2005-09-07T04:00:00",
"dateReserved": "2005-09-06T00:00:00",
"dateUpdated": "2024-08-07T22:45:02.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0918
Vulnerability from cvelistv5
Published
2004-10-21 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:48.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "11385",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11385"
},
{
"name": "SCOSA-2005.16",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"
},
{
"name": "RHSA-2004:591",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-591.html"
},
{
"name": "20041011 Squid Web Proxy Cache Remote Denial of Service Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=152\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2004_3.txt"
},
{
"name": "oval:org.mitre.oval:def:10931",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10931"
},
{
"name": "ADV-2008-1969",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1969/references"
},
{
"name": "30967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30967"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "SUSE-SR:2008:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"name": "FEDORA-2008-6045",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00122.html"
},
{
"name": "OpenPKG-SA-2004.048",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109913064629327\u0026w=2"
},
{
"name": "squid-snmp-asnparseheader-dos(17688)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17688"
},
{
"name": "30914",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30914"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2008_1.txt"
},
{
"name": "GLSA-200410-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-15.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "11385",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11385"
},
{
"name": "SCOSA-2005.16",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"
},
{
"name": "RHSA-2004:591",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-591.html"
},
{
"name": "20041011 Squid Web Proxy Cache Remote Denial of Service Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=152\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2004_3.txt"
},
{
"name": "oval:org.mitre.oval:def:10931",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10931"
},
{
"name": "ADV-2008-1969",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1969/references"
},
{
"name": "30967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30967"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "SUSE-SR:2008:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"name": "FEDORA-2008-6045",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00122.html"
},
{
"name": "OpenPKG-SA-2004.048",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109913064629327\u0026w=2"
},
{
"name": "squid-snmp-asnparseheader-dos(17688)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17688"
},
{
"name": "30914",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30914"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2008_1.txt"
},
{
"name": "GLSA-200410-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-15.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2005:923",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "11385",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11385"
},
{
"name": "SCOSA-2005.16",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"
},
{
"name": "RHSA-2004:591",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-591.html"
},
{
"name": "20041011 Squid Web Proxy Cache Remote Denial of Service Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=152\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2004_3.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2004_3.txt"
},
{
"name": "oval:org.mitre.oval:def:10931",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10931"
},
{
"name": "ADV-2008-1969",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1969/references"
},
{
"name": "30967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30967"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "SUSE-SR:2008:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"name": "FEDORA-2008-6045",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00122.html"
},
{
"name": "OpenPKG-SA-2004.048",
"refsource": "OPENPKG",
"url": "http://marc.info/?l=bugtraq\u0026m=109913064629327\u0026w=2"
},
{
"name": "squid-snmp-asnparseheader-dos(17688)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17688"
},
{
"name": "30914",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30914"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2008_1.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2008_1.txt"
},
{
"name": "GLSA-200410-15",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-15.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0918",
"datePublished": "2004-10-21T04:00:00",
"dateReserved": "2004-09-27T00:00:00",
"dateUpdated": "2024-08-08T00:31:48.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0446
Vulnerability from cvelistv5
Published
2005-02-15 05:00
Modified
2024-08-07 21:13
Severity ?
EPSS score ?
Summary
Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:54.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050221 [USN-84-1] Squid vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110901183320453\u0026w=2"
},
{
"name": "GLSA-200502-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-25.xml"
},
{
"name": "14271",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14271"
},
{
"name": "squid-xstrndup-dos(19332)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19332"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE8-dns_assert.patch"
},
{
"name": "RHSA-2005:201",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-201.html"
},
{
"name": "12551",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12551"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "DSA-688",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-688"
},
{
"name": "RHSA-2005:173",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-173.html"
},
{
"name": "oval:org.mitre.oval:def:11264",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11264"
},
{
"name": "CLA-2005:931",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "MDKSA-2005:047",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:047"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050221 [USN-84-1] Squid vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110901183320453\u0026w=2"
},
{
"name": "GLSA-200502-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-25.xml"
},
{
"name": "14271",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14271"
},
{
"name": "squid-xstrndup-dos(19332)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19332"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE8-dns_assert.patch"
},
{
"name": "RHSA-2005:201",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-201.html"
},
{
"name": "12551",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12551"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "DSA-688",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-688"
},
{
"name": "RHSA-2005:173",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-173.html"
},
{
"name": "oval:org.mitre.oval:def:11264",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11264"
},
{
"name": "CLA-2005:931",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "MDKSA-2005:047",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:047"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0446",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050221 [USN-84-1] Squid vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110901183320453\u0026w=2"
},
{
"name": "GLSA-200502-25",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-25.xml"
},
{
"name": "14271",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14271"
},
{
"name": "squid-xstrndup-dos(19332)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19332"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE8-dns_assert.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE8-dns_assert.patch"
},
{
"name": "RHSA-2005:201",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-201.html"
},
{
"name": "12551",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12551"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "DSA-688",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-688"
},
{
"name": "RHSA-2005:173",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-173.html"
},
{
"name": "oval:org.mitre.oval:def:11264",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11264"
},
{
"name": "CLA-2005:931",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "MDKSA-2005:047",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:047"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0446",
"datePublished": "2005-02-15T05:00:00",
"dateReserved": "2005-02-16T00:00:00",
"dateUpdated": "2024-08-07T21:13:54.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0068
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:35
Severity ?
EPSS score ?
Summary
Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:17.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "CLA-2002:464",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"name": "SuSE-SA:2002:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2002_008_squid_txt.html"
},
{
"name": "MDKSA-2002:016",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"name": "20020222 Squid buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101440163111826\u0026w=2"
},
{
"name": "20020222 TSLSA-2002-0031 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"name": "FreeBSD-SA-02:12",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"name": "CSSA-2002-SCO.7",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"name": "20020221 Squid HTTP Proxy Security Update Advisory 2002:1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"name": "RHSA-2002:029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"name": "CSSA-2002-010.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "http://www.caldera.com/support/security/advisories/CSSA-2002-010.0.txt"
},
{
"name": "5378",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5378"
},
{
"name": "squid-ftpbuildtitleurl-bo(8258)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8258.php"
},
{
"name": "4148",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4148"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-19T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "CLA-2002:464",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"name": "SuSE-SA:2002:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2002_008_squid_txt.html"
},
{
"name": "MDKSA-2002:016",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"name": "20020222 Squid buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101440163111826\u0026w=2"
},
{
"name": "20020222 TSLSA-2002-0031 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"name": "FreeBSD-SA-02:12",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"name": "CSSA-2002-SCO.7",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"name": "20020221 Squid HTTP Proxy Security Update Advisory 2002:1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"name": "RHSA-2002:029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"name": "CSSA-2002-010.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "http://www.caldera.com/support/security/advisories/CSSA-2002-010.0.txt"
},
{
"name": "5378",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5378"
},
{
"name": "squid-ftpbuildtitleurl-bo(8258)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8258.php"
},
{
"name": "4148",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4148"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v2/2.4/bugs/",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "CLA-2002:464",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"name": "SuSE-SA:2002:008",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2002_008_squid_txt.html"
},
{
"name": "MDKSA-2002:016",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"name": "20020222 Squid buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101440163111826\u0026w=2"
},
{
"name": "20020222 TSLSA-2002-0031 - squid",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"name": "FreeBSD-SA-02:12",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"name": "CSSA-2002-SCO.7",
"refsource": "CALDERA",
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"name": "20020221 Squid HTTP Proxy Security Update Advisory 2002:1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"name": "RHSA-2002:029",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"name": "CSSA-2002-010.0",
"refsource": "CALDERA",
"url": "http://www.caldera.com/support/security/advisories/CSSA-2002-010.0.txt"
},
{
"name": "5378",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5378"
},
{
"name": "squid-ftpbuildtitleurl-bo(8258)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8258.php"
},
{
"name": "4148",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4148"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0068",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-02-19T00:00:00",
"dateUpdated": "2024-08-08T02:35:17.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-1612
Vulnerability from cvelistv5
Published
2008-04-01 17:00
Modified
2024-08-07 08:24
Severity ?
EPSS score ?
Summary
The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:43.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-601-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-601-1"
},
{
"name": "FEDORA-2008-2740",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00560.html"
},
{
"name": "28693",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28693"
},
{
"name": "29813",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29813"
},
{
"name": "SUSE-SR:2008:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
},
{
"name": "30032",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30032"
},
{
"name": "DSA-1646",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1646"
},
{
"name": "GLSA-200903-38",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200903-38.xml"
},
{
"name": "27477",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27477"
},
{
"name": "squid-arrayshrink-dos(41586)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41586"
},
{
"name": "MDVSA-2008:134",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:134"
},
{
"name": "32109",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32109"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2007_2.txt"
},
{
"name": "RHSA-2008:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0214.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch"
},
{
"name": "[squid-announce[ 20080322 Advisory Squid-2007:2 updated",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=squid-announce\u0026m=120614453813157\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:11376",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11376"
},
{
"name": "34467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34467"
},
{
"name": "[oss-security] 20080401 CVE id request: squid",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/04/01/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-601-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-601-1"
},
{
"name": "FEDORA-2008-2740",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00560.html"
},
{
"name": "28693",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28693"
},
{
"name": "29813",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29813"
},
{
"name": "SUSE-SR:2008:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
},
{
"name": "30032",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30032"
},
{
"name": "DSA-1646",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1646"
},
{
"name": "GLSA-200903-38",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200903-38.xml"
},
{
"name": "27477",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27477"
},
{
"name": "squid-arrayshrink-dos(41586)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41586"
},
{
"name": "MDVSA-2008:134",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:134"
},
{
"name": "32109",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32109"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2007_2.txt"
},
{
"name": "RHSA-2008:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0214.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch"
},
{
"name": "[squid-announce[ 20080322 Advisory Squid-2007:2 updated",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=squid-announce\u0026m=120614453813157\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:11376",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11376"
},
{
"name": "34467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34467"
},
{
"name": "[oss-security] 20080401 CVE id request: squid",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/04/01/5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-1612",
"datePublished": "2008-04-01T17:00:00",
"dateReserved": "2008-04-01T00:00:00",
"dateUpdated": "2024-08-07T08:24:43.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0174
Vulnerability from cvelistv5
Published
2005-02-06 05:00
Modified
2024-08-07 21:05
Severity ?
EPSS score ?
Summary
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:25.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2005-373",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing"
},
{
"name": "12412",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12412"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "VU#768702",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/768702"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www3.br.squid-cache.org/Advisories/SQUID-2005_4.txt"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "CLA-2005:931",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "oval:org.mitre.oval:def:10656",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10656"
},
{
"name": "MDKSA-2005:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"name": "20050207 [USN-77-1] Squid vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2005-373",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing"
},
{
"name": "12412",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12412"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "VU#768702",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/768702"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www3.br.squid-cache.org/Advisories/SQUID-2005_4.txt"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "CLA-2005:931",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "oval:org.mitre.oval:def:10656",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10656"
},
{
"name": "MDKSA-2005:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"name": "20050207 [USN-77-1] Squid vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0174",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2005-373",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing"
},
{
"name": "12412",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12412"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "VU#768702",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/768702"
},
{
"name": "http://www3.br.squid-cache.org/Advisories/SQUID-2005_4.txt",
"refsource": "CONFIRM",
"url": "http://www3.br.squid-cache.org/Advisories/SQUID-2005_4.txt"
},
{
"name": "RHSA-2005:061",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "CLA-2005:931",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "oval:org.mitre.oval:def:10656",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10656"
},
{
"name": "MDKSA-2005:034",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"name": "20050207 [USN-77-1] Squid vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"name": "SUSE-SA:2005:006",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0174",
"datePublished": "2005-02-06T05:00:00",
"dateReserved": "2005-01-27T00:00:00",
"dateUpdated": "2024-08-07T21:05:25.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}