Vulnerabilites related to squid - squid
Vulnerability from fkie_nvd
Published
2004-03-15 05:00
Modified
2024-11-20 23:47
Severity ?
Summary
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0AA7680-E004-44AC-9AE9-C0186459C4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "05A4829D-4DC1-4CD2-B136-48719A254EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC6CCDC-237A-408E-9CAF-D41EC3A9D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "885123F3-346F-451E-B72A-D0405F0B72E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8096AB-99B9-4D08-AA13-6AFF0DD65BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "A356D04A-7882-4A14-AD5F-2079EA0E79C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The \"%xx\" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL (\"%00\") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists."
},
{
"lang": "es",
"value": "La funci\u00f3n de decodificaci\u00f3n de URL \"%xx\" en Squid 2.5STABLE4 y anteriores permite a atacantes remotos saltarse las listas de control de acceso (ACL) url_regex mediante una URL con un car\u00e1cter nulo (\"%00\"), lo que hace que Squid use s\u00f3lo un parte de la URL solicitada para compararla con la lista de control de acceso."
}
],
"id": "CVE-2004-0189",
"lastModified": "2024-11-20T23:47:57.930",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-03-15T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"
},
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000838"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108084935904110\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200403-11.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2004/dsa-474"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5916"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2004-133.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2004-134.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9778"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2004_1.txt"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15366"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A877"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108084935904110\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200403-11.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2004/dsa-474"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2004-133.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2004-134.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2004_1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A941"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-24 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.90.2 | |
| gibraltar | gibraltar_firewall | 2.2 | |
| squid | squid | 2.6.stable1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A85C689-95E0-41F7-83D9-5A8B0AB42390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gibraltar:gibraltar_firewall:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "79DA242C-9328-484D-A8E8-D185DE475B20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "24D590FB-2759-475E-8136-1B15352605EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected."
}
],
"id": "CVE-2005-1711",
"lastModified": "2024-11-20T23:57:57.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-24T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1014030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1014030"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-09-07 18:03
Modified
2024-11-21 00:00
Severity ?
Summary
store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.0.patch1 | |
| squid | squid | 2.0.patch2 | |
| squid | squid | 2.0.pre1 | |
| squid | squid | 2.0.release | |
| squid | squid | 2.1.patch1 | |
| squid | squid | 2.1.patch2 | |
| squid | squid | 2.1.pre1 | |
| squid | squid | 2.1.pre3 | |
| squid | squid | 2.1.pre4 | |
| squid | squid | 2.1.release | |
| squid | squid | 2.2.devel3 | |
| squid | squid | 2.2.devel4 | |
| squid | squid | 2.2.pre1 | |
| squid | squid | 2.2.pre2 | |
| squid | squid | 2.2.stable1 | |
| squid | squid | 2.2.stable2 | |
| squid | squid | 2.2.stable3 | |
| squid | squid | 2.2.stable4 | |
| squid | squid | 2.2.stable5 | |
| squid | squid | 2.3.devel2 | |
| squid | squid | 2.3.devel3 | |
| squid | squid | 2.3.stable1 | |
| squid | squid | 2.3.stable2 | |
| squid | squid | 2.3.stable3 | |
| squid | squid | 2.3.stable4 | |
| squid | squid | 2.3.stable5 | |
| squid | squid | 2.4.stable1 | |
| squid | squid | 2.4.stable2 | |
| squid | squid | 2.4.stable3 | |
| squid | squid | 2.4.stable4 | |
| squid | squid | 2.4.stable6 | |
| squid | squid | 2.4.stable7 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 | |
| squid | squid | 2.5.stable7 | |
| squid | squid | 2.5.stable8 | |
| squid | squid | 2.5.stable9 | |
| squid | squid | 2.5.stable10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B0771FC-F8FB-4065-B6E1-EA21ECE77AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B81A56D-3F2E-455B-A960-69728437B31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA7799D4-7B04-463B-BA19-AE36CD9DD694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.release:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8093EE-AA6A-4E2C-A891-163A42EA89EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "3655286B-D44A-4DCB-8DF4-D45A36398933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAFDCE5E-6D74-4E13-B830-E412C33EF337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "E71F3AC2-E633-41D2-B49B-A92E5FB974F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "87284115-14F4-4FB6-A8D9-7C7A3B5151E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB618BD-9C6D-458D-A521-FE436C428A90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.release:*:*:*:*:*:*:*",
"matchCriteriaId": "C8717751-A250-49F6-97E9-C14C8A44E550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "D360F838-C65C-4E76-B460-ADE1AB7657C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel4:*:*:*:*:*:*:*",
"matchCriteriaId": "67618D3A-9C74-4701-B42F-385E0221D75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "C501D54D-5294-4BFD-9858-BE70C411B928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "19CB5358-7833-4D1E-8F22-CB2714E36F3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2265D309-4E50-45A3-A884-9F1FA361D453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "45663027-1EFD-415A-8AB3-BCE544F4AD9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "A38EAAEE-BAB5-42EC-B171-93D9E32AC6AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9E1D6A-2C46-4062-87B2-726FCC5967B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "38D24DCC-6C2A-466A-B59F-3D07F62175D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC7B751-34D9-4BBB-8608-97823E5F5F93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "DADF48B4-C9DA-41B7-9124-882ADF625F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "446879FE-02A7-4576-A726-6E7C918C4E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F495D6-7734-411D-B527-14C74A345E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5EFA76EB-C5A5-4652-8EF1-66E2B061BE3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB6D7E3-697C-4AA9-9925-371AB99CA395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2DD635-BB74-4311-9E62-0DFAEB8DC121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E006EBC-5624-4AEE-85A8-10E33FCB20A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8DC1BE-EA6C-41B8-9D50-AACE2F2BA424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "155CB225-3F1B-4841-90F7-49C4CF90B1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "21905542-2429-4695-B253-AEC648B0BB9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "317FED1B-9C39-40E5-980D-C5ED808D8FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "48242DB9-5EB2-4C95-A944-C52B798A32A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3969B3-02F1-480A-8E72-CC50CD14B573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD64CE0-686A-44F2-B537-6D41E47A8BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable10:*:*:*:*:*:*:*",
"matchCriteriaId": "4233D036-BBD8-48AA-AD1C-403AF262B192",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING."
}
],
"id": "CVE-2005-2794",
"lastModified": "2024-11-21T00:00:27.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-09-07T18:03:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/16977"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17027"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2005/dsa-809"
},
{
"source": "secalert@redhat.com",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-06.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:162"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2005_21_sr.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2005_53_squid.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2005-766.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/14761"
},
{
"source": "secalert@redhat.com",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16977"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-809"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_21_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_53_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-766.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/14761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10276"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-09-07 18:03
Modified
2024-11-21 00:00
Severity ?
Summary
The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.0.patch1 | |
| squid | squid | 2.0.patch2 | |
| squid | squid | 2.0.pre1 | |
| squid | squid | 2.0.release | |
| squid | squid | 2.0_patch2 | |
| squid | squid | 2.1.patch1 | |
| squid | squid | 2.1.patch2 | |
| squid | squid | 2.1.pre1 | |
| squid | squid | 2.1.pre3 | |
| squid | squid | 2.1.pre4 | |
| squid | squid | 2.1.release | |
| squid | squid | 2.1_patch2 | |
| squid | squid | 2.2.devel3 | |
| squid | squid | 2.2.devel4 | |
| squid | squid | 2.2.pre1 | |
| squid | squid | 2.2.pre2 | |
| squid | squid | 2.2.stable1 | |
| squid | squid | 2.2.stable2 | |
| squid | squid | 2.2.stable3 | |
| squid | squid | 2.2.stable4 | |
| squid | squid | 2.2.stable5 | |
| squid | squid | 2.3.devel2 | |
| squid | squid | 2.3.devel3 | |
| squid | squid | 2.3.stable1 | |
| squid | squid | 2.3.stable2 | |
| squid | squid | 2.3.stable3 | |
| squid | squid | 2.3.stable4 | |
| squid | squid | 2.3.stable5 | |
| squid | squid | 2.3_.stable4 | |
| squid | squid | 2.3_.stable5 | |
| squid | squid | 2.3_stable5 | |
| squid | squid | 2.4 | |
| squid | squid | 2.4.stable1 | |
| squid | squid | 2.4.stable2 | |
| squid | squid | 2.4.stable3 | |
| squid | squid | 2.4.stable4 | |
| squid | squid | 2.4.stable6 | |
| squid | squid | 2.4.stable7 | |
| squid | squid | 2.4_.stable2 | |
| squid | squid | 2.4_.stable6 | |
| squid | squid | 2.4_.stable7 | |
| squid | squid | 2.4_stable7 | |
| squid | squid | 2.5.6 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 | |
| squid | squid | 2.5.stable7 | |
| squid | squid | 2.5.stable8 | |
| squid | squid | 2.5.stable9 | |
| squid | squid | 2.5.stable10 | |
| squid | squid | 2.5_.stable1 | |
| squid | squid | 2.5_.stable3 | |
| squid | squid | 2.5_.stable4 | |
| squid | squid | 2.5_.stable5 | |
| squid | squid | 2.5_.stable6 | |
| squid | squid | 2.5_stable3 | |
| squid | squid | 2.5_stable4 | |
| squid | squid | 2.5_stable9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B0771FC-F8FB-4065-B6E1-EA21ECE77AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B81A56D-3F2E-455B-A960-69728437B31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA7799D4-7B04-463B-BA19-AE36CD9DD694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.release:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8093EE-AA6A-4E2C-A891-163A42EA89EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0AA7680-E004-44AC-9AE9-C0186459C4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "3655286B-D44A-4DCB-8DF4-D45A36398933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAFDCE5E-6D74-4E13-B830-E412C33EF337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "E71F3AC2-E633-41D2-B49B-A92E5FB974F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "87284115-14F4-4FB6-A8D9-7C7A3B5151E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB618BD-9C6D-458D-A521-FE436C428A90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.release:*:*:*:*:*:*:*",
"matchCriteriaId": "C8717751-A250-49F6-97E9-C14C8A44E550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "05A4829D-4DC1-4CD2-B136-48719A254EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "D360F838-C65C-4E76-B460-ADE1AB7657C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel4:*:*:*:*:*:*:*",
"matchCriteriaId": "67618D3A-9C74-4701-B42F-385E0221D75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "C501D54D-5294-4BFD-9858-BE70C411B928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "19CB5358-7833-4D1E-8F22-CB2714E36F3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2265D309-4E50-45A3-A884-9F1FA361D453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "45663027-1EFD-415A-8AB3-BCE544F4AD9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "A38EAAEE-BAB5-42EC-B171-93D9E32AC6AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9E1D6A-2C46-4062-87B2-726FCC5967B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "38D24DCC-6C2A-466A-B59F-3D07F62175D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC7B751-34D9-4BBB-8608-97823E5F5F93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "DADF48B4-C9DA-41B7-9124-882ADF625F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "446879FE-02A7-4576-A726-6E7C918C4E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F495D6-7734-411D-B527-14C74A345E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5EFA76EB-C5A5-4652-8EF1-66E2B061BE3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB6D7E3-697C-4AA9-9925-371AB99CA395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2DD635-BB74-4311-9E62-0DFAEB8DC121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6BFB6A-0AFC-4E52-AD48-252E741B683B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9797A37-FD26-4527-B2FA-E458F7A88D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC6CCDC-237A-408E-9CAF-D41EC3A9D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E006EBC-5624-4AEE-85A8-10E33FCB20A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8DC1BE-EA6C-41B8-9D50-AACE2F2BA424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "155CB225-3F1B-4841-90F7-49C4CF90B1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "21905542-2429-4695-B253-AEC648B0BB9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "317FED1B-9C39-40E5-980D-C5ED808D8FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "48242DB9-5EB2-4C95-A944-C52B798A32A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F697BB-5C94-42CD-AD9E-72C3D3675D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "CE764CDC-1018-4502-8F41-8A48E38E7AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CBAAC5B-6012-410F-B765-689A8D55B095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "885123F3-346F-451E-B72A-D0405F0B72E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF792263-D6ED-4AD1-98C1-0E22670EF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3969B3-02F1-480A-8E72-CC50CD14B573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD64CE0-686A-44F2-B537-6D41E47A8BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable10:*:*:*:*:*:*:*",
"matchCriteriaId": "4233D036-BBD8-48AA-AD1C-403AF262B192",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "62C66D46-D3C7-4FCC-B80D-EBA542E77C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B6C02F-D194-4CA7-9DEC-A436A4E8C99C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7D86CB-EEAD-4C40-855D-E98E4ED8B58F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F59C3E7-0AC0-4886-B4B4-56904AC93C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "5207FB50-946A-4AB2-AED9-9BA78B88F1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8096AB-99B9-4D08-AA13-6AFF0DD65BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "A356D04A-7882-4A14-AD5F-2079EA0E79C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4C4F43-0807-400C-890B-D13BF5B9BF72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests."
}
],
"id": "CVE-2005-2796",
"lastModified": "2024-11-21T00:00:27.223",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-09-07T18:03:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/16977"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17027"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1014846"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2005/dsa-809"
},
{
"source": "secalert@redhat.com",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-06.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:162"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2005_21_sr.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2005_53_squid.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2005-766.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/14731"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16977"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1014846"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-809"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_21_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_53_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-766.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/14731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10522"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-26 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74F11907-5BBD-450F-B338-34013E58E0D8",
"versionEndIncluding": "2.4.stable6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated."
}
],
"id": "CVE-2002-0713",
"lastModified": "2024-11-20T23:39:42.017",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-26T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/9480.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/9481.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/9482.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5155"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5156"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5157"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/9480.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/9481.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/9482.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5156"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-03-26 05:00
Modified
2024-11-20 23:38
Severity ?
Summary
Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FE5187F-1587-43D4-801C-99C47F2AFC01",
"versionEndIncluding": "2.4_9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses."
},
{
"lang": "es",
"value": "Desbordamiento de buffer en Squid anterior a 2.4.9 permite a un atacante remoto producir una denegaci\u00f3n de servicio, y probablemente ejecutar c\u00f3digo arbitrario, mediante respuestas DNS comprimidas."
}
],
"id": "CVE-2002-0163",
"lastModified": "2024-11-20T23:38:27.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-03-26T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-017.1.txt"
},
{
"source": "cve@mitre.org",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:19.squid.asc"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101716495023226\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/8628.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-027.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/4363"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_2.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-017.1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:19.squid.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101716495023226\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/8628.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-027.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/4363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_2.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-26 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74F11907-5BBD-450F-B338-34013E58E0D8",
"versionEndIncluding": "2.4.stable6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user\u0027s proxy login and password."
}
],
"id": "CVE-2002-0715",
"lastModified": "2024-11-20T23:39:42.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-26T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/9478.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5154"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/9478.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-04-14 04:00
Modified
2024-11-20 23:55
Severity ?
Summary
Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.0.patch1 | |
| squid | squid | 2.0.patch2 | |
| squid | squid | 2.0.pre1 | |
| squid | squid | 2.0.release | |
| squid | squid | 2.0_patch2 | |
| squid | squid | 2.1.patch1 | |
| squid | squid | 2.1.patch2 | |
| squid | squid | 2.1.pre1 | |
| squid | squid | 2.1.pre3 | |
| squid | squid | 2.1.pre4 | |
| squid | squid | 2.1.release | |
| squid | squid | 2.1_patch2 | |
| squid | squid | 2.2.devel3 | |
| squid | squid | 2.2.devel4 | |
| squid | squid | 2.2.pre1 | |
| squid | squid | 2.2.pre2 | |
| squid | squid | 2.2.stable1 | |
| squid | squid | 2.2.stable2 | |
| squid | squid | 2.2.stable3 | |
| squid | squid | 2.2.stable4 | |
| squid | squid | 2.2.stable5 | |
| squid | squid | 2.3.devel2 | |
| squid | squid | 2.3.devel3 | |
| squid | squid | 2.3.stable1 | |
| squid | squid | 2.3.stable2 | |
| squid | squid | 2.3.stable3 | |
| squid | squid | 2.3.stable4 | |
| squid | squid | 2.3.stable5 | |
| squid | squid | 2.3_.stable4 | |
| squid | squid | 2.3_.stable5 | |
| squid | squid | 2.3_stable5 | |
| squid | squid | 2.4 | |
| squid | squid | 2.4.stable1 | |
| squid | squid | 2.4.stable2 | |
| squid | squid | 2.4.stable3 | |
| squid | squid | 2.4.stable4 | |
| squid | squid | 2.4.stable6 | |
| squid | squid | 2.4.stable7 | |
| squid | squid | 2.4_.stable2 | |
| squid | squid | 2.4_.stable6 | |
| squid | squid | 2.4_.stable7 | |
| squid | squid | 2.4_stable7 | |
| squid | squid | 2.5.6 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 | |
| squid | squid | 2.5.stable7 | |
| squid | squid | 2.5_.stable1 | |
| squid | squid | 2.5_.stable3 | |
| squid | squid | 2.5_.stable4 | |
| squid | squid | 2.5_.stable5 | |
| squid | squid | 2.5_.stable6 | |
| squid | squid | 2.5_stable3 | |
| squid | squid | 2.5_stable4 | |
| squid | squid | 2.5_stable9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B0771FC-F8FB-4065-B6E1-EA21ECE77AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B81A56D-3F2E-455B-A960-69728437B31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA7799D4-7B04-463B-BA19-AE36CD9DD694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.release:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8093EE-AA6A-4E2C-A891-163A42EA89EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0AA7680-E004-44AC-9AE9-C0186459C4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "3655286B-D44A-4DCB-8DF4-D45A36398933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAFDCE5E-6D74-4E13-B830-E412C33EF337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "E71F3AC2-E633-41D2-B49B-A92E5FB974F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "87284115-14F4-4FB6-A8D9-7C7A3B5151E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB618BD-9C6D-458D-A521-FE436C428A90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.release:*:*:*:*:*:*:*",
"matchCriteriaId": "C8717751-A250-49F6-97E9-C14C8A44E550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "05A4829D-4DC1-4CD2-B136-48719A254EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "D360F838-C65C-4E76-B460-ADE1AB7657C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel4:*:*:*:*:*:*:*",
"matchCriteriaId": "67618D3A-9C74-4701-B42F-385E0221D75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "C501D54D-5294-4BFD-9858-BE70C411B928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "19CB5358-7833-4D1E-8F22-CB2714E36F3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2265D309-4E50-45A3-A884-9F1FA361D453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "45663027-1EFD-415A-8AB3-BCE544F4AD9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "A38EAAEE-BAB5-42EC-B171-93D9E32AC6AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9E1D6A-2C46-4062-87B2-726FCC5967B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "38D24DCC-6C2A-466A-B59F-3D07F62175D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC7B751-34D9-4BBB-8608-97823E5F5F93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "DADF48B4-C9DA-41B7-9124-882ADF625F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "446879FE-02A7-4576-A726-6E7C918C4E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F495D6-7734-411D-B527-14C74A345E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5EFA76EB-C5A5-4652-8EF1-66E2B061BE3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB6D7E3-697C-4AA9-9925-371AB99CA395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2DD635-BB74-4311-9E62-0DFAEB8DC121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6BFB6A-0AFC-4E52-AD48-252E741B683B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9797A37-FD26-4527-B2FA-E458F7A88D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC6CCDC-237A-408E-9CAF-D41EC3A9D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E006EBC-5624-4AEE-85A8-10E33FCB20A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8DC1BE-EA6C-41B8-9D50-AACE2F2BA424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "155CB225-3F1B-4841-90F7-49C4CF90B1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "21905542-2429-4695-B253-AEC648B0BB9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "317FED1B-9C39-40E5-980D-C5ED808D8FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "48242DB9-5EB2-4C95-A944-C52B798A32A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F697BB-5C94-42CD-AD9E-72C3D3675D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "CE764CDC-1018-4502-8F41-8A48E38E7AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CBAAC5B-6012-410F-B765-689A8D55B095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "885123F3-346F-451E-B72A-D0405F0B72E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF792263-D6ED-4AD1-98C1-0E22670EF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "62C66D46-D3C7-4FCC-B80D-EBA542E77C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B6C02F-D194-4CA7-9DEC-A436A4E8C99C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7D86CB-EEAD-4C40-855D-E98E4ED8B58F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F59C3E7-0AC0-4886-B4B4-56904AC93C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "5207FB50-946A-4AB2-AED9-9BA78B88F1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8096AB-99B9-4D08-AA13-6AFF0DD65BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "A356D04A-7882-4A14-AD5F-2079EA0E79C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4C4F43-0807-400C-890B-D13BF5B9BF72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory."
}
],
"id": "CVE-2005-0718",
"lastModified": "2024-11-20T23:55:45.737",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-04-14T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/12508"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2005-489.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/13166"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1224"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19919"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11562"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/111-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/12508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-489.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/13166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19919"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/111-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-01-11 05:00
Modified
2024-11-20 23:54
Severity ?
Summary
The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.0_patch2 | |
| squid | squid | 2.1_patch2 | |
| squid | squid | 2.3_.stable4 | |
| squid | squid | 2.3_.stable5 | |
| squid | squid | 2.3_stable5 | |
| squid | squid | 2.4 | |
| squid | squid | 2.4_.stable2 | |
| squid | squid | 2.4_.stable6 | |
| squid | squid | 2.4_.stable7 | |
| squid | squid | 2.4_stable7 | |
| squid | squid | 2.5.6 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 | |
| squid | squid | 2.5.stable7 | |
| squid | squid | 2.5_.stable1 | |
| squid | squid | 2.5_.stable3 | |
| squid | squid | 2.5_.stable4 | |
| squid | squid | 2.5_.stable5 | |
| squid | squid | 2.5_.stable6 | |
| squid | squid | 2.5_stable3 | |
| squid | squid | 2.5_stable4 | |
| squid | squid | 2.5_stable9 | |
| squid | squid | 2.6.stable1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0AA7680-E004-44AC-9AE9-C0186459C4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "05A4829D-4DC1-4CD2-B136-48719A254EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6BFB6A-0AFC-4E52-AD48-252E741B683B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9797A37-FD26-4527-B2FA-E458F7A88D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC6CCDC-237A-408E-9CAF-D41EC3A9D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F697BB-5C94-42CD-AD9E-72C3D3675D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "CE764CDC-1018-4502-8F41-8A48E38E7AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CBAAC5B-6012-410F-B765-689A8D55B095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "885123F3-346F-451E-B72A-D0405F0B72E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF792263-D6ED-4AD1-98C1-0E22670EF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "62C66D46-D3C7-4FCC-B80D-EBA542E77C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B6C02F-D194-4CA7-9DEC-A436A4E8C99C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7D86CB-EEAD-4C40-855D-E98E4ED8B58F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F59C3E7-0AC0-4886-B4B4-56904AC93C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "5207FB50-946A-4AB2-AED9-9BA78B88F1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8096AB-99B9-4D08-AA13-6AFF0DD65BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "A356D04A-7882-4A14-AD5F-2079EA0E79C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4C4F43-0807-400C-890B-D13BF5B9BF72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "24D590FB-2759-475E-8136-1B15352605EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference."
}
],
"id": "CVE-2005-0097",
"lastModified": "2024-11-20T23:54:24.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-11T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13789"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1012818"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/12220"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11646"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1012818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11646"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity ?
Summary
The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling \"oversized\" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size."
}
],
"id": "CVE-2005-0241",
"lastModified": "2024-11-20T23:54:42.483",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "security@debian.org",
"tags": [
"Patch"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"source": "security@debian.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/14091"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/823350"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "security@debian.org",
"url": "http://www.securityfocus.com/bid/12412"
},
{
"source": "security@debian.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers"
},
{
"source": "security@debian.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch"
},
{
"source": "security@debian.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1216"
},
{
"source": "security@debian.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19060"
},
{
"source": "security@debian.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/14091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/823350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10998"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opera_software | opera | 6.0.3 | |
| squid | squid | 2.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opera_software:opera:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E4BDFF-55FC-4D2A-87BE-6B6B2320CA18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash)."
}
],
"id": "CVE-2002-2414",
"lastModified": "2024-11-20T23:43:37.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2002-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=full-disclosure\u0026m=103783186608438\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/10673.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/6218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=full-disclosure\u0026m=103783186608438\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/10673.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/6218"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-26 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74F11907-5BBD-450F-B338-34013E58E0D8",
"versionEndIncluding": "2.4.stable6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses."
}
],
"id": "CVE-2002-0714",
"lastModified": "2024-11-20T23:39:42.163",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-26T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000506"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/9479.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5924"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5158"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000506"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/9479.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5924"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:53
Severity ?
Summary
The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor's bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "8029358E-A209-4570-8ECE-57920C88E72E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor\u0027s bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5."
}
],
"id": "CVE-2004-2654",
"lastModified": "2024-11-20T23:53:54.330",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12508"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12754"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1011214"
},
{
"source": "cve@mitre.org",
"url": "http://www.attrition.org/pipermail/vim/2006-February/000570.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/9801"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitylab.ru/47881.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=972"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1011214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.attrition.org/pipermail/vim/2006-February/000570.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/9801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitylab.ru/47881.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=972"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. This issue only affected 2.5 STABLE4 and 2.5 STABLE5 versions of Squid and does not affect the versions of Squid distributed with Red Hat Enterprise Linux.",
"lastModified": "2006-08-30T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-11-03 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53ED784B-1BF3-4A13-B5BF-AFE7741B8002",
"versionEndIncluding": "2.5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy."
},
{
"lang": "es",
"value": "Las funciones ntlm_fetch_string y ntlm_get_string en Squid 2.5.6 y anteriores, con autenticaci\u00f3n NTLM activada, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) mediante un paquete NTLMSSP que hace que se pase un valor negativo a memcpy."
}
],
"id": "CVE-2004-0832",
"lastModified": "2024-11-20T23:49:31.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-11-03T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-04.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:093"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11098"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1045"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2004/0047/"
},
{
"source": "cve@mitre.org",
"url": "http://www1.uk.squid-cache.org/squid/Versions/v2/2.5/bugs/#squid-2.5.STABLE6-ntlm_fetch_string"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17218"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-04.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:093"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2004/0047/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www1.uk.squid-cache.org/squid/Versions/v2/2.5/bugs/#squid-2.5.STABLE6-ntlm_fetch_string"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10489"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-01-27 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openpkg | openpkg | 2.1 | |
| openpkg | openpkg | 2.2 | |
| openpkg | openpkg | current | |
| squid | squid | 2.0_patch2 | |
| squid | squid | 2.1_patch2 | |
| squid | squid | 2.3_.stable4 | |
| squid | squid | 2.3_.stable5 | |
| squid | squid | 2.4 | |
| squid | squid | 2.4_.stable2 | |
| squid | squid | 2.4_.stable6 | |
| squid | squid | 2.4_.stable7 | |
| squid | squid | 2.5_.stable1 | |
| squid | squid | 2.5_.stable3 | |
| squid | squid | 2.5_.stable4 | |
| squid | squid | 2.5_.stable5 | |
| squid | squid | 2.5_.stable6 | |
| squid | squid | 3.0_pre1 | |
| squid | squid | 3.0_pre2 | |
| squid | squid | 3.0_pre3 | |
| gentoo | linux | * | |
| redhat | fedora_core | core_2.0 | |
| trustix | secure_linux | 1.5 | |
| trustix | secure_linux | 2.0 | |
| trustix | secure_linux | 2.1 | |
| ubuntu | ubuntu_linux | 4.1 | |
| ubuntu | ubuntu_linux | 4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openpkg:openpkg:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37042CDE-E4FE-442E-891A-CD84433D36E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "11F6E348-01DF-4FA4-808E-39A2A7A2B97B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:current:*:*:*:*:*:*:*",
"matchCriteriaId": "D342447B-5233-45FD-B1CF-8D84921402AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0AA7680-E004-44AC-9AE9-C0186459C4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "05A4829D-4DC1-4CD2-B136-48719A254EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6BFB6A-0AFC-4E52-AD48-252E741B683B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9797A37-FD26-4527-B2FA-E458F7A88D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F697BB-5C94-42CD-AD9E-72C3D3675D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "CE764CDC-1018-4502-8F41-8A48E38E7AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CBAAC5B-6012-410F-B765-689A8D55B095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "62C66D46-D3C7-4FCC-B80D-EBA542E77C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B6C02F-D194-4CA7-9DEC-A436A4E8C99C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7D86CB-EEAD-4C40-855D-E98E4ED8B58F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F59C3E7-0AC0-4886-B4B4-56904AC93C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "5207FB50-946A-4AB2-AED9-9BA78B88F1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0_pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF89643B-169C-4ECD-B905-F4FE7F37030D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0_pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "631B754D-1EB0-4A64-819A-5A24E7D0ADFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0_pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "95AB69CF-AD54-4D30-A9C5-4253855A760F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6996B14-925B-46B8-982F-3545328B506B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "39605B96-BAD6-45C9-BB9A-43D6E2C51ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53AF1A2D-B0A2-4097-AD1D-DF3AF27171BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A67735E5-E43E-4164-BDB2-ADC6E0288E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*",
"matchCriteriaId": "6E94583A-5184-462E-9FC4-57B35DA06DA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*",
"matchCriteriaId": "E905FAAD-37B6-4DD0-A752-2974F8336273",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error."
}
],
"id": "CVE-2004-0918",
"lastModified": "2024-11-20T23:49:40.737",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-27T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109913064629327\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30914"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30967"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-15.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.idefense.com/application/poi/display?id=152\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-591.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11385"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/Advisories/SQUID-2004_3.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/Advisories/SQUID-2008_1.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/1969/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17688"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10931"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00122.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109913064629327\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30914"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30967"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-15.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.idefense.com/application/poi/display?id=152\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-591.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11385"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Advisories/SQUID-2004_3.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Advisories/SQUID-2008_1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/1969/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00122.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-01-16 18:28
Modified
2024-11-21 00:25
Severity ?
Summary
squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "24D590FB-2759-475E-8136-1B15352605EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "2988AF48-979A-4CBC-90D9-83B364719E1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "A212F82C-E64A-456F-BD37-58D6D10CF62A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "2B3A370A-815C-49F9-8BDF-C87C615D160A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "96EC5316-A83B-4EB5-BCF9-C3800D82F1DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD0D706-FDE4-43EB-9769-B2922BBDCDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions."
},
{
"lang": "es",
"value": "El archivo squid/src/ftp.c en Squid versiones anteriores a 2.6.STABLE7, permite a los servidores FTP remotos causar una denegaci\u00f3n de servicio (volcado del n\u00facleo) por medio de respuestas de enumeraci\u00f3n de directorio FTP, posiblemente relacionadas con las funciones (1) ftpListingFinish y (2) ftpHtmlifyListEntry."
}
],
"id": "CVE-2007-0247",
"lastModified": "2024-11-21T00:25:20.727",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-01-16T18:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/cms/node/2442"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/39839"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23767"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23805"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23810"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23837"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23889"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23921"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23946"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:026"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_12_squid.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22079"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1857"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.org/errata/2007/0003/"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-414-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0199"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31523"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/cms/node/2442"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/39839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23837"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23889"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23921"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23946"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_12_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1857"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2007/0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-414-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31523"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.\n\nThis issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.",
"lastModified": "2007-07-26T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-01-16 18:28
Modified
2024-11-21 00:25
Severity ?
Summary
The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD0D706-FDE4-43EB-9769-B2922BBDCDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop."
},
{
"lang": "es",
"value": "La funci\u00f3n aclMatchExternal en Squid anterior a 2.6.STABLE7 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) provocando una sobrecarga de la cola external_acl, lo cual provoca un bucle infinito."
}
],
"id": "CVE-2007-0248",
"lastModified": "2024-11-21T00:25:20.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-01-16T18:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23767"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23805"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23889"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23921"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23946"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:026"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_12_squid.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22203"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1848"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-414-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0199"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23889"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23921"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23946"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_12_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22203"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1848"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-414-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31525"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.\n\nThis issue did not affect the versions of Squid as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.",
"lastModified": "2007-07-26T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-11 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01315F91-D843-49EC-81B2-0FDDD95E0789",
"versionEndIncluding": "2.5_stable9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups."
}
],
"id": "CVE-2005-1519",
"lastModified": "2024-11-20T23:57:32.117",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-11T04:00:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/15294"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2005/dsa-751"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2005-489.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/13592"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2005/0521"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/15294"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-489.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/13592"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/0521"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9976"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-10-20 10:02
Modified
2024-11-21 00:01
Severity ?
Summary
The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain "odd" responses.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.0.patch1 | |
| squid | squid | 2.0.patch2 | |
| squid | squid | 2.0.pre1 | |
| squid | squid | 2.0.release | |
| squid | squid | 2.1.patch1 | |
| squid | squid | 2.1.patch2 | |
| squid | squid | 2.1.pre1 | |
| squid | squid | 2.1.pre3 | |
| squid | squid | 2.1.pre4 | |
| squid | squid | 2.1.release | |
| squid | squid | 2.2.devel3 | |
| squid | squid | 2.2.devel4 | |
| squid | squid | 2.2.pre1 | |
| squid | squid | 2.2.pre2 | |
| squid | squid | 2.2.stable1 | |
| squid | squid | 2.2.stable2 | |
| squid | squid | 2.2.stable3 | |
| squid | squid | 2.2.stable4 | |
| squid | squid | 2.2.stable5 | |
| squid | squid | 2.3.devel2 | |
| squid | squid | 2.3.devel3 | |
| squid | squid | 2.3.stable1 | |
| squid | squid | 2.3.stable2 | |
| squid | squid | 2.3.stable3 | |
| squid | squid | 2.3.stable4 | |
| squid | squid | 2.3.stable5 | |
| squid | squid | 2.4 | |
| squid | squid | 2.4.stable1 | |
| squid | squid | 2.4.stable2 | |
| squid | squid | 2.4.stable3 | |
| squid | squid | 2.4.stable4 | |
| squid | squid | 2.4.stable6 | |
| squid | squid | 2.4.stable7 | |
| squid | squid | 2.5.6 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 | |
| squid | squid | 2.5.stable7 | |
| squid | squid | 2.5.stable8 | |
| squid | squid | 2.5.stable9 | |
| squid | squid | 2.5.stable10 | |
| squid | squid | 2.5.stable11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B0771FC-F8FB-4065-B6E1-EA21ECE77AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B81A56D-3F2E-455B-A960-69728437B31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA7799D4-7B04-463B-BA19-AE36CD9DD694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.release:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8093EE-AA6A-4E2C-A891-163A42EA89EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "3655286B-D44A-4DCB-8DF4-D45A36398933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAFDCE5E-6D74-4E13-B830-E412C33EF337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "E71F3AC2-E633-41D2-B49B-A92E5FB974F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "87284115-14F4-4FB6-A8D9-7C7A3B5151E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB618BD-9C6D-458D-A521-FE436C428A90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.release:*:*:*:*:*:*:*",
"matchCriteriaId": "C8717751-A250-49F6-97E9-C14C8A44E550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "D360F838-C65C-4E76-B460-ADE1AB7657C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel4:*:*:*:*:*:*:*",
"matchCriteriaId": "67618D3A-9C74-4701-B42F-385E0221D75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "C501D54D-5294-4BFD-9858-BE70C411B928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "19CB5358-7833-4D1E-8F22-CB2714E36F3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2265D309-4E50-45A3-A884-9F1FA361D453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "45663027-1EFD-415A-8AB3-BCE544F4AD9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "A38EAAEE-BAB5-42EC-B171-93D9E32AC6AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9E1D6A-2C46-4062-87B2-726FCC5967B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "38D24DCC-6C2A-466A-B59F-3D07F62175D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC7B751-34D9-4BBB-8608-97823E5F5F93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "DADF48B4-C9DA-41B7-9124-882ADF625F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "446879FE-02A7-4576-A726-6E7C918C4E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F495D6-7734-411D-B527-14C74A345E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5EFA76EB-C5A5-4652-8EF1-66E2B061BE3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB6D7E3-697C-4AA9-9925-371AB99CA395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2DD635-BB74-4311-9E62-0DFAEB8DC121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E006EBC-5624-4AEE-85A8-10E33FCB20A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8DC1BE-EA6C-41B8-9D50-AACE2F2BA424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "155CB225-3F1B-4841-90F7-49C4CF90B1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "21905542-2429-4695-B253-AEC648B0BB9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "317FED1B-9C39-40E5-980D-C5ED808D8FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "48242DB9-5EB2-4C95-A944-C52B798A32A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF792263-D6ED-4AD1-98C1-0E22670EF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3969B3-02F1-480A-8E72-CC50CD14B573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD64CE0-686A-44F2-B537-6D41E47A8BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable10:*:*:*:*:*:*:*",
"matchCriteriaId": "4233D036-BBD8-48AA-AD1C-403AF262B192",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable11:*:*:*:*:*:*:*",
"matchCriteriaId": "D7E0E93D-2499-4600-BE99-C6CDE99374DD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain \"odd\" responses."
}
],
"id": "CVE-2005-3258",
"lastModified": "2024-11-21T00:01:28.083",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-10-20T10:02:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17271"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17287"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17338"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17407"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17513"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17626"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17645"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1015085"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE11-rfc1738_do_escape"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2005/2151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17513"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17645"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE11-rfc1738_do_escape"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2151"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vendorComments": [
{
"comment": "Not vulnerable. These issues do not affect the versions of Squid as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.\n",
"lastModified": "2006-08-30T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-08 22:30
Modified
2024-11-21 00:59
Severity ?
Summary
Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.7.stable1 | |
| squid | squid | 2.7.stable2 | |
| squid | squid | 2.7.stable3 | |
| squid | squid | 2.7.stable4 | |
| squid | squid | 2.7.stable5 | |
| squid | squid | 3.0.stable1 | |
| squid | squid | 3.0.stable2 | |
| squid | squid | 3.0.stable3 | |
| squid | squid | 3.0.stable4 | |
| squid | squid | 3.0.stable5 | |
| squid | squid | 3.0.stable6 | |
| squid | squid | 3.0.stable7 | |
| squid | squid | 3.0.stable8 | |
| squid | squid | 3.0.stable9 | |
| squid | squid | 3.0.stable10 | |
| squid | squid | 3.0.stable11 | |
| squid | squid | 3.0.stable12 | |
| squid | squid | 3.1 | |
| squid | squid | 3.1.0.1 | |
| squid | squid | 3.1.0.2 | |
| squid | squid | 3.1.0.3 | |
| squid | squid | 3.1.0.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.7.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "1CDD4129-3F89-4833-8789-4568CAE3B646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.7.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "FFF2ED3A-B88A-49EE-9565-56C726447882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.7.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "42579A3F-EDD8-44F7-9436-1B386FDC604E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.7.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "C689CFA4-A9F3-4B8B-80CB-F948E8C32C0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.7.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "E503C019-4E96-4D4F-B9BD-327E3C22DE52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D53774A-4523-4C9F-8FDF-BF39C4F32C0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "CBA0CA70-79A0-4AC6-ADE3-99DCE8FB09BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "E4048B18-219C-4D23-979B-C32A4F84E088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "4CBD6F80-63F1-4B6D-BBCD-240D8A18C429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "60A83314-4628-4352-BE10-89ED4B228E34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "81FD6F1C-ECE2-4ADA-8230-49500AE0AB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7A5792-DAD0-4E84-90EB-E92873DB763C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "7F2786AA-F9B6-4825-9C2E-9548D6D2A3F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB49168-03B3-43D5-9076-6FE206EF42A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable10:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CF222F-1A8E-4351-BBD4-5BC39B5BF2FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable11:*:*:*:*:*:*:*",
"matchCriteriaId": "38092277-47D4-4B83-BF32-DE595CDE7B2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable12:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ED346B-D762-481D-92FA-260C2C5A915A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73060F28-ABCE-4428-8F12-772E4D312DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A006818-7901-4391-BFF7-9AD1AF8DAFCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4BF28EA4-2847-4176-81C1-C7A2007D14E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAD9B4B-0856-458B-AB21-15D0420A7F67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "54E9F64C-363B-4702-996F-14F66450D6B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c."
},
{
"lang": "es",
"value": "Squid versiones 2.7 hasta 2.7.STABLE5, versiones 3.0 hasta 3.0.STABLE12 y versiones 3.1 hasta 3.1.0.4, permiten a los atacantes remotos causar una denegaci\u00f3n de servicio por medio de una petici\u00f3n HTTP con un n\u00famero de versi\u00f3n no v\u00e1lido, lo que desencadena una aserci\u00f3n accesible en los archivos (1) HttpMsg.c y (2) HttpStatusLine.c."
}
],
"id": "CVE-2009-0478",
"lastModified": "2024-11-21T00:59:59.783",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-02-08T22:30:00.360",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33731"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34467"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200903-38.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:034"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/500653/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/33604"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021684"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2009_1.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=484246"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/8021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200903-38.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/500653/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/33604"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021684"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2009_1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=484246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/8021"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. This issue did not affect the version of Squid as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.",
"lastModified": "2009-02-09T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-02-07 05:00
Modified
2024-11-20 23:54
Severity ?
Summary
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.5.6 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 | |
| squid | squid | 2.5.stable7 | |
| squid | squid | 2.5_.stable1 | |
| squid | squid | 2.5_.stable3 | |
| squid | squid | 2.5_.stable4 | |
| squid | squid | 2.5_.stable5 | |
| squid | squid | 2.5_.stable6 | |
| squid | squid | 2.5_stable3 | |
| squid | squid | 2.5_stable4 | |
| squid | squid | 2.5_stable9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF792263-D6ED-4AD1-98C1-0E22670EF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "62C66D46-D3C7-4FCC-B80D-EBA542E77C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B6C02F-D194-4CA7-9DEC-A436A4E8C99C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7D86CB-EEAD-4C40-855D-E98E4ED8B58F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F59C3E7-0AC0-4886-B4B4-56904AC93C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "5207FB50-946A-4AB2-AED9-9BA78B88F1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8096AB-99B9-4D08-AA13-6AFF0DD65BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "A356D04A-7882-4A14-AD5F-2079EA0E79C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4C4F43-0807-400C-890B-D13BF5B9BF72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters."
}
],
"id": "CVE-2005-0174",
"lastModified": "2024-11-20T23:54:33.683",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-02-07T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/768702"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/12412"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing"
},
{
"source": "cve@mitre.org",
"url": "http://www3.br.squid-cache.org/Advisories/SQUID-2005_4.txt"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/768702"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www3.br.squid-cache.org/Advisories/SQUID-2005_4.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10656"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity ?
Summary
squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.0.patch1 | |
| squid | squid | 2.0.patch2 | |
| squid | squid | 2.0.pre1 | |
| squid | squid | 2.0.release | |
| squid | squid | 2.1.patch1 | |
| squid | squid | 2.1.patch2 | |
| squid | squid | 2.1.pre1 | |
| squid | squid | 2.1.pre3 | |
| squid | squid | 2.1.pre4 | |
| squid | squid | 2.1.release | |
| squid | squid | 2.2.devel3 | |
| squid | squid | 2.2.devel4 | |
| squid | squid | 2.2.pre1 | |
| squid | squid | 2.2.pre2 | |
| squid | squid | 2.2.stable1 | |
| squid | squid | 2.2.stable2 | |
| squid | squid | 2.2.stable3 | |
| squid | squid | 2.2.stable4 | |
| squid | squid | 2.2.stable5 | |
| squid | squid | 2.3.devel2 | |
| squid | squid | 2.3.devel3 | |
| squid | squid | 2.3.stable1 | |
| squid | squid | 2.3.stable2 | |
| squid | squid | 2.3.stable3 | |
| squid | squid | 2.3.stable4 | |
| squid | squid | 2.3.stable5 | |
| squid | squid | 2.4.stable1 | |
| squid | squid | 2.4.stable2 | |
| squid | squid | 2.4.stable3 | |
| squid | squid | 2.4.stable4 | |
| squid | squid | 2.4.stable6 | |
| squid | squid | 2.4.stable7 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B0771FC-F8FB-4065-B6E1-EA21ECE77AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B81A56D-3F2E-455B-A960-69728437B31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA7799D4-7B04-463B-BA19-AE36CD9DD694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.release:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8093EE-AA6A-4E2C-A891-163A42EA89EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "3655286B-D44A-4DCB-8DF4-D45A36398933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAFDCE5E-6D74-4E13-B830-E412C33EF337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "E71F3AC2-E633-41D2-B49B-A92E5FB974F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "87284115-14F4-4FB6-A8D9-7C7A3B5151E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB618BD-9C6D-458D-A521-FE436C428A90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.release:*:*:*:*:*:*:*",
"matchCriteriaId": "C8717751-A250-49F6-97E9-C14C8A44E550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "D360F838-C65C-4E76-B460-ADE1AB7657C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel4:*:*:*:*:*:*:*",
"matchCriteriaId": "67618D3A-9C74-4701-B42F-385E0221D75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "C501D54D-5294-4BFD-9858-BE70C411B928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "19CB5358-7833-4D1E-8F22-CB2714E36F3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2265D309-4E50-45A3-A884-9F1FA361D453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "45663027-1EFD-415A-8AB3-BCE544F4AD9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "A38EAAEE-BAB5-42EC-B171-93D9E32AC6AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9E1D6A-2C46-4062-87B2-726FCC5967B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "38D24DCC-6C2A-466A-B59F-3D07F62175D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC7B751-34D9-4BBB-8608-97823E5F5F93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "DADF48B4-C9DA-41B7-9124-882ADF625F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "446879FE-02A7-4576-A726-6E7C918C4E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F495D6-7734-411D-B527-14C74A345E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5EFA76EB-C5A5-4652-8EF1-66E2B061BE3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB6D7E3-697C-4AA9-9925-371AB99CA395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2DD635-BB74-4311-9E62-0DFAEB8DC121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E006EBC-5624-4AEE-85A8-10E33FCB20A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8DC1BE-EA6C-41B8-9D50-AACE2F2BA424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "155CB225-3F1B-4841-90F7-49C4CF90B1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "21905542-2429-4695-B253-AEC648B0BB9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "317FED1B-9C39-40E5-980D-C5ED808D8FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "48242DB9-5EB2-4C95-A944-C52B798A32A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server."
}
],
"id": "CVE-2005-0173",
"lastModified": "2024-11-20T23:54:33.517",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/924198"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/12431"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1187"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/924198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12431"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10251"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-04-01 17:44
Modified
2024-11-21 00:44
Severity ?
Summary
The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable17:*:*:*:*:*:*:*",
"matchCriteriaId": "C8585F22-39CB-46E1-B247-377C5C60AB47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239."
},
{
"lang": "es",
"value": "La funci\u00f3n arrayShrink (lib/Array.c) en Squid 2.6.STABLE17 permite a atacantes provocar una denegaci\u00f3n de servicio (terminaci\u00f3n del proceso) a trav\u00e9s de vectores desconocidos que provocan que un array se inicialice a 0 entradas, lo cual dispara un error de confirmaci\u00f3n. NOTA: este problema se debe a un parche incompleto para CVE-2007-6239."
}
],
"id": "CVE-2008-1612",
"lastModified": "2024-11-21T00:44:55.503",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-04-01T17:44:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=squid-announce\u0026m=120614453813157\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/27477"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/29813"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/30032"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/32109"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/34467"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200903-38.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2008/dsa-1646"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:134"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2008/04/01/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0214.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/28693"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2007_2.txt"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-601-1"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41586"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11376"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00560.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=squid-announce\u0026m=120614453813157\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27477"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29813"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200903-38.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1646"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:134"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/04/01/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0214.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28693"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2007_2.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-601-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11376"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00560.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-10-27 10:02
Modified
2024-11-21 00:01
Severity ?
Summary
Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.6.stable1 | |
| suse | suse_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "24D590FB-2759-475E-8136-1B15352605EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL)."
}
],
"id": "CVE-2005-3322",
"lastModified": "2024-11-21T00:01:37.323",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-10-27T10:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15165"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-01-25 05:00
Modified
2024-11-20 23:54
Severity ?
Summary
Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.0_patch2 | |
| squid | squid | 2.1_patch2 | |
| squid | squid | 2.3_.stable4 | |
| squid | squid | 2.3_.stable5 | |
| squid | squid | 2.3_stable5 | |
| squid | squid | 2.4 | |
| squid | squid | 2.4_.stable2 | |
| squid | squid | 2.4_.stable6 | |
| squid | squid | 2.4_.stable7 | |
| squid | squid | 2.4_stable7 | |
| squid | squid | 2.5.6 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 | |
| squid | squid | 2.5.stable7 | |
| squid | squid | 2.5_.stable1 | |
| squid | squid | 2.5_.stable3 | |
| squid | squid | 2.5_.stable4 | |
| squid | squid | 2.5_.stable5 | |
| squid | squid | 2.5_.stable6 | |
| squid | squid | 2.5_stable3 | |
| squid | squid | 2.5_stable4 | |
| squid | squid | 2.5_stable9 | |
| squid | squid | 2.6.stable1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0AA7680-E004-44AC-9AE9-C0186459C4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "05A4829D-4DC1-4CD2-B136-48719A254EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6BFB6A-0AFC-4E52-AD48-252E741B683B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9797A37-FD26-4527-B2FA-E458F7A88D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC6CCDC-237A-408E-9CAF-D41EC3A9D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F697BB-5C94-42CD-AD9E-72C3D3675D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "CE764CDC-1018-4502-8F41-8A48E38E7AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CBAAC5B-6012-410F-B765-689A8D55B095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "885123F3-346F-451E-B72A-D0405F0B72E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF792263-D6ED-4AD1-98C1-0E22670EF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "62C66D46-D3C7-4FCC-B80D-EBA542E77C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B6C02F-D194-4CA7-9DEC-A436A4E8C99C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7D86CB-EEAD-4C40-855D-E98E4ED8B58F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F59C3E7-0AC0-4886-B4B4-56904AC93C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "5207FB50-946A-4AB2-AED9-9BA78B88F1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8096AB-99B9-4D08-AA13-6AFF0DD65BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "A356D04A-7882-4A14-AD5F-2079EA0E79C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4C4F43-0807-400C-890B-D13BF5B9BF72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "24D590FB-2759-475E-8136-1B15352605EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption)."
}
],
"id": "CVE-2005-0096",
"lastModified": "2024-11-20T23:54:24.457",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-25T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1012818"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/12324"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1012818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10233"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-03-08 05:00
Modified
2024-11-20 23:55
Severity ?
Summary
Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies."
}
],
"id": "CVE-2005-0626",
"lastModified": "2024-11-20T23:55:33.317",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-03-08T05:00:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/12716"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-setcookie"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19581"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11169"
},
{
"source": "secalert@redhat.com",
"url": "https://usn.ubuntu.com/93-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12716"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-setcookie"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11169"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/93-1/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-01-15 05:00
Modified
2024-11-20 23:54
Severity ?
Summary
Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.0_patch2 | |
| squid | squid | 2.1_patch2 | |
| squid | squid | 2.3_.stable4 | |
| squid | squid | 2.3_.stable5 | |
| squid | squid | 2.3_stable5 | |
| squid | squid | 2.4 | |
| squid | squid | 2.4_.stable2 | |
| squid | squid | 2.4_.stable6 | |
| squid | squid | 2.4_.stable7 | |
| squid | squid | 2.4_stable7 | |
| squid | squid | 2.5.6 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 | |
| squid | squid | 2.5.stable7 | |
| squid | squid | 2.5_.stable1 | |
| squid | squid | 2.5_.stable3 | |
| squid | squid | 2.5_.stable4 | |
| squid | squid | 2.5_.stable5 | |
| squid | squid | 2.5_.stable6 | |
| squid | squid | 2.5_stable3 | |
| squid | squid | 2.5_stable4 | |
| squid | squid | 2.5_stable9 | |
| squid | squid | 2.6.stable1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0AA7680-E004-44AC-9AE9-C0186459C4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "05A4829D-4DC1-4CD2-B136-48719A254EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6BFB6A-0AFC-4E52-AD48-252E741B683B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9797A37-FD26-4527-B2FA-E458F7A88D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC6CCDC-237A-408E-9CAF-D41EC3A9D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F697BB-5C94-42CD-AD9E-72C3D3675D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "CE764CDC-1018-4502-8F41-8A48E38E7AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CBAAC5B-6012-410F-B765-689A8D55B095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "885123F3-346F-451E-B72A-D0405F0B72E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF792263-D6ED-4AD1-98C1-0E22670EF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "62C66D46-D3C7-4FCC-B80D-EBA542E77C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B6C02F-D194-4CA7-9DEC-A436A4E8C99C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7D86CB-EEAD-4C40-855D-E98E4ED8B58F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F59C3E7-0AC0-4886-B4B4-56904AC93C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "5207FB50-946A-4AB2-AED9-9BA78B88F1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8096AB-99B9-4D08-AA13-6AFF0DD65BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "A356D04A-7882-4A14-AD5F-2079EA0E79C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4C4F43-0807-400C-890B-D13BF5B9BF72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "24D590FB-2759-475E-8136-1B15352605EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses."
}
],
"id": "CVE-2005-0094",
"lastModified": "2024-11-20T23:54:24.123",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-15T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13825"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-651"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:014"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/12276"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_1.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-gopher_html_parsing.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13825"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-gopher_html_parsing.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11146"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3969B3-02F1-480A-8E72-CC50CD14B573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD64CE0-686A-44F2-B537-6D41E47A8BF5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator."
}
],
"id": "CVE-2005-1345",
"lastModified": "2024-11-20T23:57:08.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000948"
},
{
"source": "secalert@redhat.com",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2005/dsa-721"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_error"
},
{
"source": "secalert@redhat.com",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1255"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10513"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000948"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_error"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1255"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10513"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity ?
Summary
Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.0.patch1 | |
| squid | squid | 2.0.patch2 | |
| squid | squid | 2.0.pre1 | |
| squid | squid | 2.0.release | |
| squid | squid | 2.1.patch1 | |
| squid | squid | 2.1.patch2 | |
| squid | squid | 2.1.pre1 | |
| squid | squid | 2.1.pre3 | |
| squid | squid | 2.1.pre4 | |
| squid | squid | 2.1.release | |
| squid | squid | 2.2.devel3 | |
| squid | squid | 2.2.devel4 | |
| squid | squid | 2.2.pre1 | |
| squid | squid | 2.2.pre2 | |
| squid | squid | 2.2.stable1 | |
| squid | squid | 2.2.stable2 | |
| squid | squid | 2.2.stable3 | |
| squid | squid | 2.2.stable4 | |
| squid | squid | 2.2.stable5 | |
| squid | squid | 2.3.devel2 | |
| squid | squid | 2.3.devel3 | |
| squid | squid | 2.3.stable1 | |
| squid | squid | 2.3.stable2 | |
| squid | squid | 2.3.stable3 | |
| squid | squid | 2.3.stable4 | |
| squid | squid | 2.3.stable5 | |
| squid | squid | 2.4.stable1 | |
| squid | squid | 2.4.stable2 | |
| squid | squid | 2.4.stable3 | |
| squid | squid | 2.4.stable4 | |
| squid | squid | 2.4.stable6 | |
| squid | squid | 2.4.stable7 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B0771FC-F8FB-4065-B6E1-EA21ECE77AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B81A56D-3F2E-455B-A960-69728437B31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA7799D4-7B04-463B-BA19-AE36CD9DD694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.release:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8093EE-AA6A-4E2C-A891-163A42EA89EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "3655286B-D44A-4DCB-8DF4-D45A36398933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAFDCE5E-6D74-4E13-B830-E412C33EF337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "E71F3AC2-E633-41D2-B49B-A92E5FB974F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "87284115-14F4-4FB6-A8D9-7C7A3B5151E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB618BD-9C6D-458D-A521-FE436C428A90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.release:*:*:*:*:*:*:*",
"matchCriteriaId": "C8717751-A250-49F6-97E9-C14C8A44E550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "D360F838-C65C-4E76-B460-ADE1AB7657C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel4:*:*:*:*:*:*:*",
"matchCriteriaId": "67618D3A-9C74-4701-B42F-385E0221D75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "C501D54D-5294-4BFD-9858-BE70C411B928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "19CB5358-7833-4D1E-8F22-CB2714E36F3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2265D309-4E50-45A3-A884-9F1FA361D453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "45663027-1EFD-415A-8AB3-BCE544F4AD9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "A38EAAEE-BAB5-42EC-B171-93D9E32AC6AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9E1D6A-2C46-4062-87B2-726FCC5967B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "38D24DCC-6C2A-466A-B59F-3D07F62175D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC7B751-34D9-4BBB-8608-97823E5F5F93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "DADF48B4-C9DA-41B7-9124-882ADF625F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "446879FE-02A7-4576-A726-6E7C918C4E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F495D6-7734-411D-B527-14C74A345E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5EFA76EB-C5A5-4652-8EF1-66E2B061BE3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB6D7E3-697C-4AA9-9925-371AB99CA395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2DD635-BB74-4311-9E62-0DFAEB8DC121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E006EBC-5624-4AEE-85A8-10E33FCB20A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8DC1BE-EA6C-41B8-9D50-AACE2F2BA424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "155CB225-3F1B-4841-90F7-49C4CF90B1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "21905542-2429-4695-B253-AEC648B0BB9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "317FED1B-9C39-40E5-980D-C5ED808D8FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "48242DB9-5EB2-4C95-A944-C52B798A32A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings."
}
],
"id": "CVE-2005-0194",
"lastModified": "2024-11-20T23:54:36.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110901183320453\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/260421"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110901183320453\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/260421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1166"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-03-08 05:00
Modified
2024-11-20 23:38
Severity ?
Summary
Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5F50EF3-9CC0-4E49-8B37-E39A3228CB82",
"versionEndIncluding": "2.4_stable_3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*",
"matchCriteriaId": "344610A8-DB6D-4407-9304-916C419F648C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:i386:*:*:*:*:*",
"matchCriteriaId": "B7EC2B95-4715-4EC9-A10A-2542501F8A61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*",
"matchCriteriaId": "64775BEF-2E53-43CA-8639-A7E54F6F4222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.0:*:alpha:*:*:*:*:*",
"matchCriteriaId": "FD6576E2-9F26-4857-9F28-F51899F1EF48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.0:*:i386:*:*:*:*:*",
"matchCriteriaId": "4DC9842D-E23B-4B9F-A7BF-57C3BA3DE398",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.1:*:alpha:*:*:*:*:*",
"matchCriteriaId": "7F3FAAB3-7A8A-42E5-9DCE-E4A843CED1B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.1:*:i386:*:*:*:*:*",
"matchCriteriaId": "C8783A6D-DFD8-45DD-BF03-570B1B012B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.1:*:ia64:*:*:*:*:*",
"matchCriteriaId": "ED36543D-C21B-4B4B-A6AD-6E19B08B5DD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.2:*:i386:*:*:*:*:*",
"matchCriteriaId": "6A1EF00A-52E9-4FD8-98FD-3998225D8655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.2:*:ia64:*:*:*:*:*",
"matchCriteriaId": "9D47D6FE-56A9-42CF-9A9B-AEE272C061F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters."
},
{
"lang": "es",
"value": "Squid 2.4 STABLE3 y versiones anteriores permite a atacantes remotos causar la denegaci\u00f3n de servicios por volcado del n\u00facleo (core dump) y ejecutar c\u00f3digo arbitrario mediante una direcci\u00f3n URL ftp:// mal construida."
}
],
"id": "CVE-2002-0068",
"lastModified": "2024-11-20T23:38:13.750",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-03-08T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101440163111826\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.caldera.com/support/security/advisories/CSSA-2002-010.0.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/8258.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2002_008_squid_txt.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5378"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/4148"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101440163111826\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.caldera.com/support/security/advisories/CSSA-2002-010.0.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/8258.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2002_008_squid_txt.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5378"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/4148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-03-21 18:19
Modified
2024-11-21 00:28
Severity ?
Summary
The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "24D590FB-2759-475E-8136-1B15352605EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "2988AF48-979A-4CBC-90D9-83B364719E1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "A212F82C-E64A-456F-BD37-58D6D10CF62A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "2B3A370A-815C-49F9-8BDF-C87C615D160A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "96EC5316-A83B-4EB5-BCF9-C3800D82F1DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD0D706-FDE4-43EB-9769-B2922BBDCDC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "8A8BCEDD-FB0A-4B5F-97FA-185CE6EE9A1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "F09C974D-7BCB-450C-B730-1E92719A0763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "551B1272-D426-40B4-94D5-1F7DD8897F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable10:*:*:*:*:*:*:*",
"matchCriteriaId": "A5EFC173-02B7-4F2A-A42F-5C14204737A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable11:*:*:*:*:*:*:*",
"matchCriteriaId": "A6667E4C-C1B6-416C-9862-6CF618692E15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error."
},
{
"lang": "es",
"value": "La funci\u00f3n clientProcessRequest() en el archivo src/client_side.c en Squid versiones 2.6 anteriores a 2.6.STABLE12, permite a atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo del demonio) por medio de peticiones TRACE creadas que desencadenan un error de aserci\u00f3n."
}
],
"id": "CVE-2007-1560",
"lastModified": "2024-11-21T00:28:37.463",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-03-21T18:19:00.000",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24611"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24614"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24625"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24662"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24911"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200703-27.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:068"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0131.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/23085"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1017805"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2007_1.txt"
},
{
"source": "secalert@redhat.com",
"url": "http://www.squid-cache.org/Versions/v2/2.6/changesets/11349.patch"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-441-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1035"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33124"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24611"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24662"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24911"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200703-27.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0131.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2007_1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Versions/v2/2.6/changesets/11349.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-441-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10291"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-03-08 05:00
Modified
2024-11-20 23:38
Severity ?
Summary
Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "169C4A52-3191-423A-97C9-0E86A8D8160E",
"versionEndIncluding": "2.4_stable_2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*",
"matchCriteriaId": "344610A8-DB6D-4407-9304-916C419F648C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:i386:*:*:*:*:*",
"matchCriteriaId": "B7EC2B95-4715-4EC9-A10A-2542501F8A61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*",
"matchCriteriaId": "64775BEF-2E53-43CA-8639-A7E54F6F4222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.0:*:alpha:*:*:*:*:*",
"matchCriteriaId": "FD6576E2-9F26-4857-9F28-F51899F1EF48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.0:*:i386:*:*:*:*:*",
"matchCriteriaId": "4DC9842D-E23B-4B9F-A7BF-57C3BA3DE398",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.1:*:alpha:*:*:*:*:*",
"matchCriteriaId": "7F3FAAB3-7A8A-42E5-9DCE-E4A843CED1B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.1:*:i386:*:*:*:*:*",
"matchCriteriaId": "C8783A6D-DFD8-45DD-BF03-570B1B012B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.1:*:ia64:*:*:*:*:*",
"matchCriteriaId": "ED36543D-C21B-4B4B-A6AD-6E19B08B5DD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.2:*:i386:*:*:*:*:*",
"matchCriteriaId": "6A1EF00A-52E9-4FD8-98FD-3998225D8655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.2:*:ia64:*:*:*:*:*",
"matchCriteriaId": "9D47D6FE-56A9-42CF-9A9B-AEE272C061F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service."
},
{
"lang": "es",
"value": "Error de memoria en SNMP de Squid STABLE2 y versiones anteriores permite a un atacante remoto provocar una denegaci\u00f3n del servicio."
}
],
"id": "CVE-2002-0069",
"lastModified": "2024-11-20T23:38:13.910",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-03-08T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/8260.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/4146"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/8260.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/4146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-01-15 05:00
Modified
2024-11-20 23:54
Severity ?
Summary
The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.0_patch2 | |
| squid | squid | 2.1_patch2 | |
| squid | squid | 2.3_.stable4 | |
| squid | squid | 2.3_.stable5 | |
| squid | squid | 2.3_stable5 | |
| squid | squid | 2.4 | |
| squid | squid | 2.4_.stable2 | |
| squid | squid | 2.4_.stable6 | |
| squid | squid | 2.4_.stable7 | |
| squid | squid | 2.4_stable7 | |
| squid | squid | 2.5.6 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 | |
| squid | squid | 2.5.stable7 | |
| squid | squid | 2.5_.stable1 | |
| squid | squid | 2.5_.stable3 | |
| squid | squid | 2.5_.stable4 | |
| squid | squid | 2.5_.stable5 | |
| squid | squid | 2.5_.stable6 | |
| squid | squid | 2.5_stable3 | |
| squid | squid | 2.5_stable4 | |
| squid | squid | 2.5_stable9 | |
| squid | squid | 2.6.stable1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0AA7680-E004-44AC-9AE9-C0186459C4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "05A4829D-4DC1-4CD2-B136-48719A254EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6BFB6A-0AFC-4E52-AD48-252E741B683B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9797A37-FD26-4527-B2FA-E458F7A88D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC6CCDC-237A-408E-9CAF-D41EC3A9D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F697BB-5C94-42CD-AD9E-72C3D3675D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "CE764CDC-1018-4502-8F41-8A48E38E7AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CBAAC5B-6012-410F-B765-689A8D55B095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "885123F3-346F-451E-B72A-D0405F0B72E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF792263-D6ED-4AD1-98C1-0E22670EF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "62C66D46-D3C7-4FCC-B80D-EBA542E77C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B6C02F-D194-4CA7-9DEC-A436A4E8C99C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7D86CB-EEAD-4C40-855D-E98E4ED8B58F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F59C3E7-0AC0-4886-B4B4-56904AC93C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "5207FB50-946A-4AB2-AED9-9BA78B88F1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8096AB-99B9-4D08-AA13-6AFF0DD65BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "A356D04A-7882-4A14-AD5F-2079EA0E79C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4C4F43-0807-400C-890B-D13BF5B9BF72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "24D590FB-2759-475E-8136-1B15352605EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid\u0027s home router and invalid WCCP_I_SEE_YOU cache numbers."
}
],
"id": "CVE-2005-0095",
"lastModified": "2024-11-20T23:54:24.293",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-15T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13825"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1012882"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-651"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:014"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/12886"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/12275"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_2.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_denial_of_service.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13825"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1012882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/12886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_2.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_denial_of_service.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10269"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:55
Severity ?
Summary
Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.0.patch1 | |
| squid | squid | 2.0.patch2 | |
| squid | squid | 2.0.pre1 | |
| squid | squid | 2.0.release | |
| squid | squid | 2.0_patch2 | |
| squid | squid | 2.1.patch1 | |
| squid | squid | 2.1.patch2 | |
| squid | squid | 2.1.pre1 | |
| squid | squid | 2.1.pre3 | |
| squid | squid | 2.1.pre4 | |
| squid | squid | 2.1.release | |
| squid | squid | 2.1_patch2 | |
| squid | squid | 2.2.devel3 | |
| squid | squid | 2.2.devel4 | |
| squid | squid | 2.2.pre1 | |
| squid | squid | 2.2.pre2 | |
| squid | squid | 2.2.stable1 | |
| squid | squid | 2.2.stable2 | |
| squid | squid | 2.2.stable3 | |
| squid | squid | 2.2.stable4 | |
| squid | squid | 2.2.stable5 | |
| squid | squid | 2.3.devel2 | |
| squid | squid | 2.3.devel3 | |
| squid | squid | 2.3.stable1 | |
| squid | squid | 2.3.stable2 | |
| squid | squid | 2.3.stable3 | |
| squid | squid | 2.3.stable4 | |
| squid | squid | 2.3.stable5 | |
| squid | squid | 2.3_.stable4 | |
| squid | squid | 2.3_.stable5 | |
| squid | squid | 2.3_stable5 | |
| squid | squid | 2.4 | |
| squid | squid | 2.4.stable1 | |
| squid | squid | 2.4.stable2 | |
| squid | squid | 2.4.stable3 | |
| squid | squid | 2.4.stable4 | |
| squid | squid | 2.4.stable6 | |
| squid | squid | 2.4.stable7 | |
| squid | squid | 2.4_.stable2 | |
| squid | squid | 2.4_.stable6 | |
| squid | squid | 2.4_.stable7 | |
| squid | squid | 2.4_stable7 | |
| squid | squid | 2.5.6 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 | |
| squid | squid | 2.5.stable7 | |
| squid | squid | 2.5.stable8 | |
| squid | squid | 2.5_.stable1 | |
| squid | squid | 2.5_.stable3 | |
| squid | squid | 2.5_.stable4 | |
| squid | squid | 2.5_.stable5 | |
| squid | squid | 2.5_.stable6 | |
| squid | squid | 2.5_stable3 | |
| squid | squid | 2.5_stable4 | |
| squid | squid | 2.5_stable9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B0771FC-F8FB-4065-B6E1-EA21ECE77AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B81A56D-3F2E-455B-A960-69728437B31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA7799D4-7B04-463B-BA19-AE36CD9DD694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.release:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8093EE-AA6A-4E2C-A891-163A42EA89EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0AA7680-E004-44AC-9AE9-C0186459C4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "3655286B-D44A-4DCB-8DF4-D45A36398933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAFDCE5E-6D74-4E13-B830-E412C33EF337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "E71F3AC2-E633-41D2-B49B-A92E5FB974F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "87284115-14F4-4FB6-A8D9-7C7A3B5151E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB618BD-9C6D-458D-A521-FE436C428A90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.release:*:*:*:*:*:*:*",
"matchCriteriaId": "C8717751-A250-49F6-97E9-C14C8A44E550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "05A4829D-4DC1-4CD2-B136-48719A254EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "D360F838-C65C-4E76-B460-ADE1AB7657C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel4:*:*:*:*:*:*:*",
"matchCriteriaId": "67618D3A-9C74-4701-B42F-385E0221D75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "C501D54D-5294-4BFD-9858-BE70C411B928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "19CB5358-7833-4D1E-8F22-CB2714E36F3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2265D309-4E50-45A3-A884-9F1FA361D453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "45663027-1EFD-415A-8AB3-BCE544F4AD9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "A38EAAEE-BAB5-42EC-B171-93D9E32AC6AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9E1D6A-2C46-4062-87B2-726FCC5967B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "38D24DCC-6C2A-466A-B59F-3D07F62175D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC7B751-34D9-4BBB-8608-97823E5F5F93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "DADF48B4-C9DA-41B7-9124-882ADF625F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "446879FE-02A7-4576-A726-6E7C918C4E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F495D6-7734-411D-B527-14C74A345E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5EFA76EB-C5A5-4652-8EF1-66E2B061BE3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB6D7E3-697C-4AA9-9925-371AB99CA395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2DD635-BB74-4311-9E62-0DFAEB8DC121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6BFB6A-0AFC-4E52-AD48-252E741B683B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9797A37-FD26-4527-B2FA-E458F7A88D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC6CCDC-237A-408E-9CAF-D41EC3A9D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E006EBC-5624-4AEE-85A8-10E33FCB20A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8DC1BE-EA6C-41B8-9D50-AACE2F2BA424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "155CB225-3F1B-4841-90F7-49C4CF90B1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "21905542-2429-4695-B253-AEC648B0BB9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "317FED1B-9C39-40E5-980D-C5ED808D8FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "48242DB9-5EB2-4C95-A944-C52B798A32A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F697BB-5C94-42CD-AD9E-72C3D3675D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "CE764CDC-1018-4502-8F41-8A48E38E7AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CBAAC5B-6012-410F-B765-689A8D55B095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "885123F3-346F-451E-B72A-D0405F0B72E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF792263-D6ED-4AD1-98C1-0E22670EF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3969B3-02F1-480A-8E72-CC50CD14B573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "62C66D46-D3C7-4FCC-B80D-EBA542E77C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B6C02F-D194-4CA7-9DEC-A436A4E8C99C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7D86CB-EEAD-4C40-855D-E98E4ED8B58F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F59C3E7-0AC0-4886-B4B4-56904AC93C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "5207FB50-946A-4AB2-AED9-9BA78B88F1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8096AB-99B9-4D08-AA13-6AFF0DD65BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "A356D04A-7882-4A14-AD5F-2079EA0E79C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4C4F43-0807-400C-890B-D13BF5B9BF72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure."
}
],
"id": "CVE-2005-0446",
"lastModified": "2024-11-20T23:55:08.657",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110901183320453\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14271"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-688"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:047"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-173.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2005-201.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/12551"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE8-dns_assert.patch"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19332"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110901183320453\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:047"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-173.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-201.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE8-dns_assert.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19332"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11264"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-03-08 05:00
Modified
2024-11-20 23:38
Severity ?
Summary
Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "169C4A52-3191-423A-97C9-0E86A8D8160E",
"versionEndIncluding": "2.4_stable_2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*",
"matchCriteriaId": "344610A8-DB6D-4407-9304-916C419F648C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:i386:*:*:*:*:*",
"matchCriteriaId": "B7EC2B95-4715-4EC9-A10A-2542501F8A61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*",
"matchCriteriaId": "64775BEF-2E53-43CA-8639-A7E54F6F4222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.0:*:alpha:*:*:*:*:*",
"matchCriteriaId": "FD6576E2-9F26-4857-9F28-F51899F1EF48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.0:*:i386:*:*:*:*:*",
"matchCriteriaId": "4DC9842D-E23B-4B9F-A7BF-57C3BA3DE398",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.1:*:alpha:*:*:*:*:*",
"matchCriteriaId": "7F3FAAB3-7A8A-42E5-9DCE-E4A843CED1B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.1:*:i386:*:*:*:*:*",
"matchCriteriaId": "C8783A6D-DFD8-45DD-BF03-570B1B012B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.1:*:ia64:*:*:*:*:*",
"matchCriteriaId": "ED36543D-C21B-4B4B-A6AD-6E19B08B5DD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.2:*:i386:*:*:*:*:*",
"matchCriteriaId": "6A1EF00A-52E9-4FD8-98FD-3998225D8655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.2:*:ia64:*:*:*:*:*",
"matchCriteriaId": "9D47D6FE-56A9-42CF-9A9B-AEE272C061F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when \"htcp_port 0\" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions."
},
{
"lang": "es",
"value": "Squid 2.4 STABLE2 y versiones anteriores no deshabilita adecuadamente HTCP, incluso cuando \"\"htcp_port 0\"\" es especificado en el fichero squid.conf, el cual podr\u00eda permitir a atacantes remotos saltarse las restricciones de acceso."
}
],
"id": "CVE-2002-0067",
"lastModified": "2024-11-20T23:38:13.583",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-03-08T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/8261.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5379"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/4150"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/8261.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/4150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-02-07 05:00
Modified
2024-11-20 23:54
Severity ?
Summary
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.5.6 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 | |
| squid | squid | 2.5.stable7 | |
| squid | squid | 2.5_.stable1 | |
| squid | squid | 2.5_.stable3 | |
| squid | squid | 2.5_.stable4 | |
| squid | squid | 2.5_.stable5 | |
| squid | squid | 2.5_.stable6 | |
| squid | squid | 2.5_stable3 | |
| squid | squid | 2.5_stable4 | |
| squid | squid | 2.5_stable9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF792263-D6ED-4AD1-98C1-0E22670EF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "62C66D46-D3C7-4FCC-B80D-EBA542E77C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B6C02F-D194-4CA7-9DEC-A436A4E8C99C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7D86CB-EEAD-4C40-855D-E98E4ED8B58F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F59C3E7-0AC0-4886-B4B4-56904AC93C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "5207FB50-946A-4AB2-AED9-9BA78B88F1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8096AB-99B9-4D08-AA13-6AFF0DD65BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "A356D04A-7882-4A14-AD5F-2079EA0E79C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4C4F43-0807-400C-890B-D13BF5B9BF72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack."
}
],
"id": "CVE-2005-0175",
"lastModified": "2024-11-20T23:54:33.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-02-07T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/625878"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/12433"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_5.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/625878"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_5.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11605"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-09-30 18:05
Modified
2024-11-21 00:00
Severity ?
Summary
Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE077B6D-CB5E-445A-97F8-444D3D7FCAD5",
"versionEndIncluding": "2.5.stable10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2DD7F1E4-35E3-43A0-B4F8-68697D70908E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart)."
}
],
"id": "CVE-2005-2917",
"lastModified": "2024-11-21T00:00:43.043",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-09-30T18:05:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
},
{
"source": "secalert@redhat.com",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"source": "secalert@redhat.com",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16992"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17015"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17050"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17177"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/19161"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/19532"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1014920"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-828"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:181"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/19607"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0045.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0052.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/14977"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-192-1/"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24282"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11580"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014920"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-828"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/19607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0045.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0052.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/14977"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-192-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11580"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2005-1711
Vulnerability from cvelistv5
Published
2005-05-24 04:00
Modified
2024-09-16 17:33
Severity ?
EPSS score ?
Summary
Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1014030 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:59:24.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1014030",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014030"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-05-24T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1014030",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014030"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014030",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014030"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1711",
"datePublished": "2005-05-24T04:00:00Z",
"dateReserved": "2005-05-24T00:00:00Z",
"dateUpdated": "2024-09-16T17:33:14.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0175
Vulnerability from cvelistv5
Published
2005-02-06 05:00
Modified
2024-08-07 21:05
Severity ?
EPSS score ?
Summary
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:25.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting"
},
{
"name": "FEDORA-2005-373",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_5.txt"
},
{
"name": "VU#625878",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/625878"
},
{
"name": "oval:org.mitre.oval:def:11605",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11605"
},
{
"name": "12433",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12433"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "CLA-2005:931",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "MDKSA-2005:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"name": "DSA-667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"name": "20050207 [USN-77-1] Squid vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting"
},
{
"name": "FEDORA-2005-373",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_5.txt"
},
{
"name": "VU#625878",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/625878"
},
{
"name": "oval:org.mitre.oval:def:11605",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11605"
},
{
"name": "12433",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12433"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "CLA-2005:931",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "MDKSA-2005:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"name": "DSA-667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"name": "20050207 [USN-77-1] Squid vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting"
},
{
"name": "FEDORA-2005-373",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2005_5.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_5.txt"
},
{
"name": "VU#625878",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/625878"
},
{
"name": "oval:org.mitre.oval:def:11605",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11605"
},
{
"name": "12433",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12433"
},
{
"name": "RHSA-2005:061",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "CLA-2005:931",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "MDKSA-2005:034",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"name": "DSA-667",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"name": "20050207 [USN-77-1] Squid vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"name": "SUSE-SA:2005:006",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0175",
"datePublished": "2005-02-06T05:00:00",
"dateReserved": "2005-01-27T00:00:00",
"dateUpdated": "2024-08-07T21:05:25.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0241
Vulnerability from cvelistv5
Published
2005-02-08 05:00
Modified
2024-08-07 21:05
Severity ?
EPSS score ?
Summary
The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:25.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14091",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14091"
},
{
"name": "VU#823350",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/823350"
},
{
"name": "12412",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12412"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1216"
},
{
"name": "oval:org.mitre.oval:def:10998",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10998"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "squid-http-cache-poisoning(19060)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19060"
},
{
"name": "CLA-2005:931",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling \"oversized\" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "14091",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14091"
},
{
"name": "VU#823350",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/823350"
},
{
"name": "12412",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12412"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1216"
},
{
"name": "oval:org.mitre.oval:def:10998",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10998"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "squid-http-cache-poisoning(19060)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19060"
},
{
"name": "CLA-2005:931",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-0241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling \"oversized\" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14091",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14091"
},
{
"name": "VU#823350",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/823350"
},
{
"name": "12412",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12412"
},
{
"name": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1216",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1216"
},
{
"name": "oval:org.mitre.oval:def:10998",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10998"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "RHSA-2005:061",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "squid-http-cache-poisoning(19060)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19060"
},
{
"name": "CLA-2005:931",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers"
},
{
"name": "SUSE-SA:2005:006",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2005-0241",
"datePublished": "2005-02-08T05:00:00",
"dateReserved": "2005-02-08T00:00:00",
"dateUpdated": "2024-08-07T21:05:25.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0832
Vulnerability from cvelistv5
Published
2004-09-28 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www1.uk.squid-cache.org/squid/Versions/v2/2.5/bugs/#squid-2.5.STABLE6-ntlm_fetch_string | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/11098 | vdb-entry, x_refsource_BID | |
| http://www.squid-cache.org/bugs/show_bug.cgi?id=1045 | x_refsource_CONFIRM | |
| http://www.gentoo.org/security/en/glsa/glsa-200409-04.xml | vendor-advisory, x_refsource_GENTOO | |
| http://fedoranews.org/updates/FEDORA--.shtml | vendor-advisory, x_refsource_FEDORA | |
| http://www.trustix.org/errata/2004/0047/ | vendor-advisory, x_refsource_TRUSTIX | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10489 | vdb-entry, signature, x_refsource_OVAL | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17218 | vdb-entry, x_refsource_XF | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2004:093 | vendor-advisory, x_refsource_MANDRAKE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:47.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www1.uk.squid-cache.org/squid/Versions/v2/2.5/bugs/#squid-2.5.STABLE6-ntlm_fetch_string"
},
{
"name": "11098",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11098"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1045"
},
{
"name": "GLSA-200409-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-04.xml"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "2004-0047",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2004/0047/"
},
{
"name": "oval:org.mitre.oval:def:10489",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10489"
},
{
"name": "squid-ntlmssp-dos(17218)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17218"
},
{
"name": "MDKSA-2004:093",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:093"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www1.uk.squid-cache.org/squid/Versions/v2/2.5/bugs/#squid-2.5.STABLE6-ntlm_fetch_string"
},
{
"name": "11098",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11098"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1045"
},
{
"name": "GLSA-200409-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-04.xml"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "2004-0047",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2004/0047/"
},
{
"name": "oval:org.mitre.oval:def:10489",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10489"
},
{
"name": "squid-ntlmssp-dos(17218)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17218"
},
{
"name": "MDKSA-2004:093",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:093"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www1.uk.squid-cache.org/squid/Versions/v2/2.5/bugs/#squid-2.5.STABLE6-ntlm_fetch_string",
"refsource": "CONFIRM",
"url": "http://www1.uk.squid-cache.org/squid/Versions/v2/2.5/bugs/#squid-2.5.STABLE6-ntlm_fetch_string"
},
{
"name": "11098",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11098"
},
{
"name": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1045",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1045"
},
{
"name": "GLSA-200409-04",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-04.xml"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "2004-0047",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2004/0047/"
},
{
"name": "oval:org.mitre.oval:def:10489",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10489"
},
{
"name": "squid-ntlmssp-dos(17218)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17218"
},
{
"name": "MDKSA-2004:093",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:093"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0832",
"datePublished": "2004-09-28T04:00:00",
"dateReserved": "2004-09-08T00:00:00",
"dateUpdated": "2024-08-08T00:31:47.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0095
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-07 20:57
Severity ?
EPSS score ?
Summary
The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:41.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "2005-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "12275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12275"
},
{
"name": "12886",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/12886"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "GLSA-200501-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "DSA-651",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-651"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_denial_of_service.patch"
},
{
"name": "oval:org.mitre.oval:def:10269",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10269"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_2.txt"
},
{
"name": "1012882",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1012882"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "MDKSA-2005:014",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:014"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "13825",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13825"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid\u0027s home router and invalid WCCP_I_SEE_YOU cache numbers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "2005-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "12275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12275"
},
{
"name": "12886",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/12886"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "GLSA-200501-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "DSA-651",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-651"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_denial_of_service.patch"
},
{
"name": "oval:org.mitre.oval:def:10269",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10269"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_2.txt"
},
{
"name": "1012882",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1012882"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "MDKSA-2005:014",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:014"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "13825",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13825"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid\u0027s home router and invalid WCCP_I_SEE_YOU cache numbers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2005:923",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "2005-0003",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "12275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12275"
},
{
"name": "12886",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/12886"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "GLSA-200501-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "DSA-651",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-651"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_denial_of_service.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_denial_of_service.patch"
},
{
"name": "oval:org.mitre.oval:def:10269",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10269"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2005_2.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_2.txt"
},
{
"name": "1012882",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012882"
},
{
"name": "RHSA-2005:061",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "MDKSA-2005:014",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:014"
},
{
"name": "SUSE-SA:2005:006",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "13825",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13825"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0095",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-18T00:00:00",
"dateUpdated": "2024-08-07T20:57:41.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0068
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:35
Severity ?
EPSS score ?
Summary
Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:17.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "CLA-2002:464",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"name": "SuSE-SA:2002:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2002_008_squid_txt.html"
},
{
"name": "MDKSA-2002:016",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"name": "20020222 Squid buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101440163111826\u0026w=2"
},
{
"name": "20020222 TSLSA-2002-0031 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"name": "FreeBSD-SA-02:12",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"name": "CSSA-2002-SCO.7",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"name": "20020221 Squid HTTP Proxy Security Update Advisory 2002:1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"name": "RHSA-2002:029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"name": "CSSA-2002-010.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "http://www.caldera.com/support/security/advisories/CSSA-2002-010.0.txt"
},
{
"name": "5378",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5378"
},
{
"name": "squid-ftpbuildtitleurl-bo(8258)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8258.php"
},
{
"name": "4148",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4148"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-19T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "CLA-2002:464",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"name": "SuSE-SA:2002:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2002_008_squid_txt.html"
},
{
"name": "MDKSA-2002:016",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"name": "20020222 Squid buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101440163111826\u0026w=2"
},
{
"name": "20020222 TSLSA-2002-0031 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"name": "FreeBSD-SA-02:12",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"name": "CSSA-2002-SCO.7",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"name": "20020221 Squid HTTP Proxy Security Update Advisory 2002:1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"name": "RHSA-2002:029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"name": "CSSA-2002-010.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "http://www.caldera.com/support/security/advisories/CSSA-2002-010.0.txt"
},
{
"name": "5378",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5378"
},
{
"name": "squid-ftpbuildtitleurl-bo(8258)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8258.php"
},
{
"name": "4148",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4148"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v2/2.4/bugs/",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "CLA-2002:464",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"name": "SuSE-SA:2002:008",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2002_008_squid_txt.html"
},
{
"name": "MDKSA-2002:016",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"name": "20020222 Squid buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101440163111826\u0026w=2"
},
{
"name": "20020222 TSLSA-2002-0031 - squid",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"name": "FreeBSD-SA-02:12",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"name": "CSSA-2002-SCO.7",
"refsource": "CALDERA",
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"name": "20020221 Squid HTTP Proxy Security Update Advisory 2002:1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"name": "RHSA-2002:029",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"name": "CSSA-2002-010.0",
"refsource": "CALDERA",
"url": "http://www.caldera.com/support/security/advisories/CSSA-2002-010.0.txt"
},
{
"name": "5378",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5378"
},
{
"name": "squid-ftpbuildtitleurl-bo(8258)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8258.php"
},
{
"name": "4148",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4148"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0068",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-02-19T00:00:00",
"dateUpdated": "2024-08-08T02:35:17.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-2414
Vulnerability from cvelistv5
Published
2007-11-01 17:00
Modified
2024-08-08 04:06
Severity ?
EPSS score ?
Summary
Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash).
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=full-disclosure&m=103783186608438&w=2 | mailing-list, x_refsource_FULLDISC | |
| http://www.securityfocus.com/bid/6218 | vdb-entry, x_refsource_BID | |
| http://www.iss.net/security_center/static/10673.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:06:53.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20021120 Opera 6.03/Linux crashes on HTTPS over Squid Proxy on a site",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=103783186608438\u0026w=2"
},
{
"name": "6218",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6218"
},
{
"name": "opera-squid-https-dos(10673)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10673.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20021120 Opera 6.03/Linux crashes on HTTPS over Squid Proxy on a site",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=103783186608438\u0026w=2"
},
{
"name": "6218",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6218"
},
{
"name": "opera-squid-https-dos(10673)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10673.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20021120 Opera 6.03/Linux crashes on HTTPS over Squid Proxy on a site",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=103783186608438\u0026w=2"
},
{
"name": "6218",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6218"
},
{
"name": "opera-squid-https-dos(10673)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10673.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2414",
"datePublished": "2007-11-01T17:00:00",
"dateReserved": "2007-11-01T00:00:00",
"dateUpdated": "2024-08-08T04:06:53.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0248
Vulnerability from cvelistv5
Published
2007-01-16 18:00
Modified
2024-08-07 12:12
Severity ?
EPSS score ?
Summary
The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:12:17.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12"
},
{
"name": "22203",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22203"
},
{
"name": "23921",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23921"
},
{
"name": "23946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23946"
},
{
"name": "ADV-2007-0199",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0199"
},
{
"name": "GLSA-200701-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml"
},
{
"name": "SUSE-SA:2007:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_12_squid.html"
},
{
"name": "MDKSA-2007:026",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:026"
},
{
"name": "squid-externalacl-dos(31525)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31525"
},
{
"name": "USN-414-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-414-1"
},
{
"name": "23805",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23805"
},
{
"name": "23767",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23767"
},
{
"name": "23889",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23889"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1848"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12"
},
{
"name": "22203",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22203"
},
{
"name": "23921",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23921"
},
{
"name": "23946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23946"
},
{
"name": "ADV-2007-0199",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0199"
},
{
"name": "GLSA-200701-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml"
},
{
"name": "SUSE-SA:2007:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_12_squid.html"
},
{
"name": "MDKSA-2007:026",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:026"
},
{
"name": "squid-externalacl-dos(31525)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31525"
},
{
"name": "USN-414-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-414-1"
},
{
"name": "23805",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23805"
},
{
"name": "23767",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23767"
},
{
"name": "23889",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23889"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1848"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12"
},
{
"name": "22203",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22203"
},
{
"name": "23921",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23921"
},
{
"name": "23946",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23946"
},
{
"name": "ADV-2007-0199",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0199"
},
{
"name": "GLSA-200701-22",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml"
},
{
"name": "SUSE-SA:2007:012",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_12_squid.html"
},
{
"name": "MDKSA-2007:026",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:026"
},
{
"name": "squid-externalacl-dos(31525)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31525"
},
{
"name": "USN-414-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-414-1"
},
{
"name": "23805",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23805"
},
{
"name": "23767",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23767"
},
{
"name": "23889",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23889"
},
{
"name": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1848",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1848"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0248",
"datePublished": "2007-01-16T18:00:00",
"dateReserved": "2007-01-16T00:00:00",
"dateUpdated": "2024-08-07T12:12:17.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-3258
Vulnerability from cvelistv5
Published
2005-10-20 04:00
Modified
2024-08-07 23:01
Severity ?
EPSS score ?
Summary
The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain "odd" responses.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/17626 | third-party-advisory, x_refsource_SECUNIA | |
| http://securitytracker.com/id?1015085 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/17287 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/17513 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/17338 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/17645 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/17271 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2005/2151 | vdb-entry, x_refsource_VUPEN | |
| http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE11-rfc1738_do_escape | x_refsource_CONFIRM | |
| http://www.novell.com/linux/security/advisories/2005_27_sr.html | vendor-advisory, x_refsource_SUSE | |
| http://secunia.com/advisories/17407 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:59.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17626",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17626"
},
{
"name": "1015085",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015085"
},
{
"name": "17287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17287"
},
{
"name": "17513",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17513"
},
{
"name": "17338",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17338"
},
{
"name": "17645",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17645"
},
{
"name": "17271",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17271"
},
{
"name": "ADV-2005-2151",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2151"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE11-rfc1738_do_escape"
},
{
"name": "SUSE-SR:2005:027",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
},
{
"name": "17407",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17407"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain \"odd\" responses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-04T13:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "17626",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17626"
},
{
"name": "1015085",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015085"
},
{
"name": "17287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17287"
},
{
"name": "17513",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17513"
},
{
"name": "17338",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17338"
},
{
"name": "17645",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17645"
},
{
"name": "17271",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17271"
},
{
"name": "ADV-2005-2151",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2151"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE11-rfc1738_do_escape"
},
{
"name": "SUSE-SR:2005:027",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
},
{
"name": "17407",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17407"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-3258",
"datePublished": "2005-10-20T04:00:00",
"dateReserved": "2005-10-19T00:00:00",
"dateUpdated": "2024-08-07T23:01:59.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2796
Vulnerability from cvelistv5
Published
2005-09-07 04:00
Modified
2024-08-07 22:45
Severity ?
EPSS score ?
Summary
The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:45:02.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14731",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14731"
},
{
"name": "oval:org.mitre.oval:def:10522",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10522"
},
{
"name": "MDKSA-2005:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:162"
},
{
"name": "1014846",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014846"
},
{
"name": "DSA-809",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-809"
},
{
"name": "SUSE-SA:2005:053",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_53_squid.html"
},
{
"name": "SUSE-SR:2005:021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_21_sr.html"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "GLSA-200509-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout"
},
{
"name": "RHSA-2005:766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-766.html"
},
{
"name": "17027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17027"
},
{
"name": "16977",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16977"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "14731",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14731"
},
{
"name": "oval:org.mitre.oval:def:10522",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10522"
},
{
"name": "MDKSA-2005:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:162"
},
{
"name": "1014846",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014846"
},
{
"name": "DSA-809",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-809"
},
{
"name": "SUSE-SA:2005:053",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_53_squid.html"
},
{
"name": "SUSE-SR:2005:021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_21_sr.html"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "GLSA-200509-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout"
},
{
"name": "RHSA-2005:766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-766.html"
},
{
"name": "17027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17027"
},
{
"name": "16977",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16977"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-2796",
"datePublished": "2005-09-07T04:00:00",
"dateReserved": "2005-09-06T00:00:00",
"dateUpdated": "2024-08-07T22:45:02.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0714
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=102674543407606&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt | vendor-advisory, x_refsource_CALDERA | |
| http://www.squid-cache.org/Versions/v2/2.4/bugs/ | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2002-051.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.squid-cache.org/Advisories/SQUID-2002_3.txt | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2002-130.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php | vendor-advisory, x_refsource_MANDRAKE | |
| http://www.securityfocus.com/bid/5158 | vdb-entry, x_refsource_BID | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000506 | vendor-advisory, x_refsource_CONECTIVA | |
| http://www.iss.net/security_center/static/9479.php | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/5924 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020715 TSLSA-2002-0062 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"name": "CSSA-2002-046.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "RHSA-2002:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name": "RHSA-2002:130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name": "MDKSA-2002:044",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"name": "5158",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5158"
},
{
"name": "CLA-2002:506",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000506"
},
{
"name": "squid-ftp-data-injection(9479)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9479.php"
},
{
"name": "5924",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5924"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-10-16T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020715 TSLSA-2002-0062 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"name": "CSSA-2002-046.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "RHSA-2002:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name": "RHSA-2002:130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name": "MDKSA-2002:044",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"name": "5158",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5158"
},
{
"name": "CLA-2002:506",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000506"
},
{
"name": "squid-ftp-data-injection(9479)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9479.php"
},
{
"name": "5924",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5924"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020715 TSLSA-2002-0062 - squid",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"name": "CSSA-2002-046.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.4/bugs/",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "RHSA-2002:051",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name": "RHSA-2002:130",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name": "MDKSA-2002:044",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"name": "5158",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5158"
},
{
"name": "CLA-2002:506",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000506"
},
{
"name": "squid-ftp-data-injection(9479)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9479.php"
},
{
"name": "5924",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5924"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0714",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-07-20T00:00:00",
"dateUpdated": "2024-08-08T02:56:38.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0067
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:35
Severity ?
EPSS score ?
Summary
Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.squid-cache.org/Versions/v2/2.4/bugs/ | x_refsource_CONFIRM | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464 | vendor-advisory, x_refsource_CONECTIVA | |
| http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php | vendor-advisory, x_refsource_MANDRAKE | |
| http://marc.info/?l=bugtraq&m=101443252627021&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html | vendor-advisory, x_refsource_CALDERA | |
| http://www.iss.net/security_center/static/8261.php | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/4150 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=101431040422095&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.redhat.com/support/errata/RHSA-2002-029.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.osvdb.org/5379 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:17.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "CLA-2002:464",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"name": "MDKSA-2002:016",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"name": "20020222 TSLSA-2002-0031 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"name": "FreeBSD-SA-02:12",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"name": "CSSA-2002-SCO.7",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"name": "squid-htcp-enabled(8261)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8261.php"
},
{
"name": "4150",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4150"
},
{
"name": "20020221 Squid HTTP Proxy Security Update Advisory 2002:1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"name": "RHSA-2002:029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"name": "5379",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5379"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when \"htcp_port 0\" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-08-17T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "CLA-2002:464",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"name": "MDKSA-2002:016",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"name": "20020222 TSLSA-2002-0031 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"name": "FreeBSD-SA-02:12",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"name": "CSSA-2002-SCO.7",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"name": "squid-htcp-enabled(8261)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8261.php"
},
{
"name": "4150",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4150"
},
{
"name": "20020221 Squid HTTP Proxy Security Update Advisory 2002:1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"name": "RHSA-2002:029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"name": "5379",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5379"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when \"htcp_port 0\" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v2/2.4/bugs/",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "CLA-2002:464",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"name": "MDKSA-2002:016",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"name": "20020222 TSLSA-2002-0031 - squid",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"name": "FreeBSD-SA-02:12",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"name": "CSSA-2002-SCO.7",
"refsource": "CALDERA",
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"name": "squid-htcp-enabled(8261)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8261.php"
},
{
"name": "4150",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4150"
},
{
"name": "20020221 Squid HTTP Proxy Security Update Advisory 2002:1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"name": "RHSA-2002:029",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"name": "5379",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5379"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0067",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-02-19T00:00:00",
"dateUpdated": "2024-08-08T02:35:17.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0163
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:42
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2002-051.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-027.php | vendor-advisory, x_refsource_MANDRAKE | |
| ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-017.1.txt | vendor-advisory, x_refsource_CALDERA | |
| http://marc.info/?l=bugtraq&m=101716495023226&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.iss.net/security_center/static/8628.php | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/4363 | vdb-entry, x_refsource_BID | |
| http://www.squid-cache.org/Advisories/SQUID-2002_2.txt | x_refsource_CONFIRM | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:19.squid.asc | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:42:27.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2002:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"name": "MDKSA-2002:027",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-027.php"
},
{
"name": "CSSA-2002-017.1",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-017.1.txt"
},
{
"name": "20020326 updated squid advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101716495023226\u0026w=2"
},
{
"name": "squid-dns-reply-dos(8628)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8628.php"
},
{
"name": "4363",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4363"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_2.txt"
},
{
"name": "FreeBSD-SA-02:19",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:19.squid.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-20T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2002:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"name": "MDKSA-2002:027",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-027.php"
},
{
"name": "CSSA-2002-017.1",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-017.1.txt"
},
{
"name": "20020326 updated squid advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101716495023226\u0026w=2"
},
{
"name": "squid-dns-reply-dos(8628)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8628.php"
},
{
"name": "4363",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4363"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_2.txt"
},
{
"name": "FreeBSD-SA-02:19",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:19.squid.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2002:051",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"name": "MDKSA-2002:027",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-027.php"
},
{
"name": "CSSA-2002-017.1",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-017.1.txt"
},
{
"name": "20020326 updated squid advisory",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101716495023226\u0026w=2"
},
{
"name": "squid-dns-reply-dos(8628)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8628.php"
},
{
"name": "4363",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4363"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2002_2.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_2.txt"
},
{
"name": "FreeBSD-SA-02:19",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:19.squid.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0163",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-03-28T00:00:00",
"dateUpdated": "2024-08-08T02:42:27.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0069
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:35
Severity ?
EPSS score ?
Summary
Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.squid-cache.org/Versions/v2/2.4/bugs/ | x_refsource_CONFIRM | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464 | vendor-advisory, x_refsource_CONECTIVA | |
| http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php | vendor-advisory, x_refsource_MANDRAKE | |
| http://marc.info/?l=bugtraq&m=101443252627021&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html | vendor-advisory, x_refsource_CALDERA | |
| http://www.iss.net/security_center/static/8260.php | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=101431040422095&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.redhat.com/support/errata/RHSA-2002-029.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/4146 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:17.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "CLA-2002:464",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"name": "MDKSA-2002:016",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"name": "20020222 TSLSA-2002-0031 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"name": "FreeBSD-SA-02:12",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"name": "CSSA-2002-SCO.7",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"name": "squid-snmp-dos(8260)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8260.php"
},
{
"name": "20020221 Squid HTTP Proxy Security Update Advisory 2002:1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"name": "RHSA-2002:029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"name": "4146",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4146"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-08-17T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "CLA-2002:464",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"name": "MDKSA-2002:016",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"name": "20020222 TSLSA-2002-0031 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"name": "FreeBSD-SA-02:12",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"name": "CSSA-2002-SCO.7",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"name": "squid-snmp-dos(8260)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8260.php"
},
{
"name": "20020221 Squid HTTP Proxy Security Update Advisory 2002:1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"name": "RHSA-2002:029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"name": "4146",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4146"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v2/2.4/bugs/",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "CLA-2002:464",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"name": "MDKSA-2002:016",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"name": "20020222 TSLSA-2002-0031 - squid",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"name": "FreeBSD-SA-02:12",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"name": "CSSA-2002-SCO.7",
"refsource": "CALDERA",
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"name": "squid-snmp-dos(8260)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8260.php"
},
{
"name": "20020221 Squid HTTP Proxy Security Update Advisory 2002:1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"name": "RHSA-2002:029",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"name": "4146",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4146"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0069",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-02-19T00:00:00",
"dateUpdated": "2024-08-08T02:35:17.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0713
Vulnerability from cvelistv5
Published
2002-07-23 04:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "squid-ftp-dir-bo(9481)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9481.php"
},
{
"name": "20020715 TSLSA-2002-0062 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"name": "CSSA-2002-046.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"name": "squid-gopher-bo(9480)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9480.php"
},
{
"name": "5157",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5157"
},
{
"name": "squid-msnt-helper-bo(9482)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9482.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "RHSA-2002:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"name": "5155",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5155"
},
{
"name": "5156",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5156"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name": "RHSA-2002:130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name": "MDKSA-2002:044",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "squid-ftp-dir-bo(9481)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9481.php"
},
{
"name": "20020715 TSLSA-2002-0062 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"name": "CSSA-2002-046.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"name": "squid-gopher-bo(9480)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9480.php"
},
{
"name": "5157",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5157"
},
{
"name": "squid-msnt-helper-bo(9482)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9482.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "RHSA-2002:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"name": "5155",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5155"
},
{
"name": "5156",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5156"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name": "RHSA-2002:130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name": "MDKSA-2002:044",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "squid-ftp-dir-bo(9481)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9481.php"
},
{
"name": "20020715 TSLSA-2002-0062 - squid",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"name": "CSSA-2002-046.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"name": "squid-gopher-bo(9480)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9480.php"
},
{
"name": "5157",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5157"
},
{
"name": "squid-msnt-helper-bo(9482)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9482.php"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.4/bugs/",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "RHSA-2002:051",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"name": "5155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5155"
},
{
"name": "5156",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5156"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name": "RHSA-2002:130",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name": "MDKSA-2002:044",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0713",
"datePublished": "2002-07-23T04:00:00",
"dateReserved": "2002-07-20T00:00:00",
"dateUpdated": "2024-08-08T02:56:38.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-1612
Vulnerability from cvelistv5
Published
2008-04-01 17:00
Modified
2024-08-07 08:24
Severity ?
EPSS score ?
Summary
The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:43.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-601-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-601-1"
},
{
"name": "FEDORA-2008-2740",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00560.html"
},
{
"name": "28693",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28693"
},
{
"name": "29813",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29813"
},
{
"name": "SUSE-SR:2008:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
},
{
"name": "30032",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30032"
},
{
"name": "DSA-1646",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1646"
},
{
"name": "GLSA-200903-38",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200903-38.xml"
},
{
"name": "27477",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27477"
},
{
"name": "squid-arrayshrink-dos(41586)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41586"
},
{
"name": "MDVSA-2008:134",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:134"
},
{
"name": "32109",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32109"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2007_2.txt"
},
{
"name": "RHSA-2008:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0214.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch"
},
{
"name": "[squid-announce[ 20080322 Advisory Squid-2007:2 updated",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=squid-announce\u0026m=120614453813157\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:11376",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11376"
},
{
"name": "34467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34467"
},
{
"name": "[oss-security] 20080401 CVE id request: squid",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/04/01/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-601-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-601-1"
},
{
"name": "FEDORA-2008-2740",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00560.html"
},
{
"name": "28693",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28693"
},
{
"name": "29813",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29813"
},
{
"name": "SUSE-SR:2008:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
},
{
"name": "30032",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30032"
},
{
"name": "DSA-1646",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1646"
},
{
"name": "GLSA-200903-38",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200903-38.xml"
},
{
"name": "27477",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27477"
},
{
"name": "squid-arrayshrink-dos(41586)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41586"
},
{
"name": "MDVSA-2008:134",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:134"
},
{
"name": "32109",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32109"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2007_2.txt"
},
{
"name": "RHSA-2008:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0214.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch"
},
{
"name": "[squid-announce[ 20080322 Advisory Squid-2007:2 updated",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=squid-announce\u0026m=120614453813157\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:11376",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11376"
},
{
"name": "34467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34467"
},
{
"name": "[oss-security] 20080401 CVE id request: squid",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/04/01/5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-1612",
"datePublished": "2008-04-01T17:00:00",
"dateReserved": "2008-04-01T00:00:00",
"dateUpdated": "2024-08-07T08:24:43.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0918
Vulnerability from cvelistv5
Published
2004-10-21 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:48.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "11385",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11385"
},
{
"name": "SCOSA-2005.16",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"
},
{
"name": "RHSA-2004:591",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-591.html"
},
{
"name": "20041011 Squid Web Proxy Cache Remote Denial of Service Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=152\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2004_3.txt"
},
{
"name": "oval:org.mitre.oval:def:10931",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10931"
},
{
"name": "ADV-2008-1969",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1969/references"
},
{
"name": "30967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30967"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "SUSE-SR:2008:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"name": "FEDORA-2008-6045",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00122.html"
},
{
"name": "OpenPKG-SA-2004.048",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109913064629327\u0026w=2"
},
{
"name": "squid-snmp-asnparseheader-dos(17688)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17688"
},
{
"name": "30914",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30914"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2008_1.txt"
},
{
"name": "GLSA-200410-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-15.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "11385",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11385"
},
{
"name": "SCOSA-2005.16",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"
},
{
"name": "RHSA-2004:591",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-591.html"
},
{
"name": "20041011 Squid Web Proxy Cache Remote Denial of Service Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=152\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2004_3.txt"
},
{
"name": "oval:org.mitre.oval:def:10931",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10931"
},
{
"name": "ADV-2008-1969",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1969/references"
},
{
"name": "30967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30967"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "SUSE-SR:2008:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"name": "FEDORA-2008-6045",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00122.html"
},
{
"name": "OpenPKG-SA-2004.048",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109913064629327\u0026w=2"
},
{
"name": "squid-snmp-asnparseheader-dos(17688)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17688"
},
{
"name": "30914",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30914"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2008_1.txt"
},
{
"name": "GLSA-200410-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-15.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2005:923",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "11385",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11385"
},
{
"name": "SCOSA-2005.16",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"
},
{
"name": "RHSA-2004:591",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-591.html"
},
{
"name": "20041011 Squid Web Proxy Cache Remote Denial of Service Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=152\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2004_3.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2004_3.txt"
},
{
"name": "oval:org.mitre.oval:def:10931",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10931"
},
{
"name": "ADV-2008-1969",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1969/references"
},
{
"name": "30967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30967"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "SUSE-SR:2008:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"name": "FEDORA-2008-6045",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00122.html"
},
{
"name": "OpenPKG-SA-2004.048",
"refsource": "OPENPKG",
"url": "http://marc.info/?l=bugtraq\u0026m=109913064629327\u0026w=2"
},
{
"name": "squid-snmp-asnparseheader-dos(17688)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17688"
},
{
"name": "30914",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30914"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2008_1.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2008_1.txt"
},
{
"name": "GLSA-200410-15",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-15.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0918",
"datePublished": "2004-10-21T04:00:00",
"dateReserved": "2004-09-27T00:00:00",
"dateUpdated": "2024-08-08T00:31:48.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0173
Vulnerability from cvelistv5
Published
2005-02-06 05:00
Modified
2024-08-07 21:05
Severity ?
EPSS score ?
Summary
squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:25.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "VU#924198",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/924198"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch"
},
{
"name": "12431",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12431"
},
{
"name": "oval:org.mitre.oval:def:10251",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10251"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "MDKSA-2005:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"name": "DSA-667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"name": "20050207 [USN-77-1] Squid vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1187"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "VU#924198",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/924198"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch"
},
{
"name": "12431",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12431"
},
{
"name": "oval:org.mitre.oval:def:10251",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10251"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "MDKSA-2005:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"name": "DSA-667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"name": "20050207 [USN-77-1] Squid vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1187"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2005:923",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "VU#924198",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/924198"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch"
},
{
"name": "12431",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12431"
},
{
"name": "oval:org.mitre.oval:def:10251",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10251"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces"
},
{
"name": "RHSA-2005:061",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "MDKSA-2005:034",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"name": "DSA-667",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"name": "20050207 [USN-77-1] Squid vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"name": "SUSE-SA:2005:006",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1187",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1187"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0173",
"datePublished": "2005-02-06T05:00:00",
"dateReserved": "2005-01-27T00:00:00",
"dateUpdated": "2024-08-07T21:05:25.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1519
Vulnerability from cvelistv5
Published
2005-05-11 04:00
Modified
2024-08-07 21:51
Severity ?
EPSS score ?
Summary
Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/13592 | vdb-entry, x_refsource_BID | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9976 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html | vendor-advisory, x_refsource_FEDORA | |
| http://secunia.com/advisories/15294 | third-party-advisory, x_refsource_SECUNIA | |
| http://fedoranews.org/updates/FEDORA--.shtml | vendor-advisory, x_refsource_FEDORA | |
| http://www.debian.org/security/2005/dsa-751 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.redhat.com/support/errata/RHSA-2005-489.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.vupen.com/english/advisories/2005/0521 | vdb-entry, x_refsource_VUPEN | |
| http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:50.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "13592",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13592"
},
{
"name": "oval:org.mitre.oval:def:9976",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9976"
},
{
"name": "FEDORA-2005-373",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"name": "15294",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15294"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "DSA-751",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-751"
},
{
"name": "RHSA-2005:489",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-489.html"
},
{
"name": "ADV-2005-0521",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/0521"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "13592",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13592"
},
{
"name": "oval:org.mitre.oval:def:9976",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9976"
},
{
"name": "FEDORA-2005-373",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"name": "15294",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15294"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "DSA-751",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-751"
},
{
"name": "RHSA-2005:489",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-489.html"
},
{
"name": "ADV-2005-0521",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/0521"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-1519",
"datePublished": "2005-05-11T04:00:00",
"dateReserved": "2005-05-11T00:00:00",
"dateUpdated": "2024-08-07T21:51:50.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0626
Vulnerability from cvelistv5
Published
2005-03-03 05:00
Modified
2024-08-07 21:21
Severity ?
EPSS score ?
Summary
Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-setcookie | x_refsource_CONFIRM | |
| http://fedoranews.org/updates/FEDORA--.shtml | vendor-advisory, x_refsource_FEDORA | |
| http://www.securityfocus.com/bid/12716 | vdb-entry, x_refsource_BID | |
| https://usn.ubuntu.com/93-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/19581 | vdb-entry, x_refsource_XF | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11169 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.redhat.com/support/errata/RHSA-2005-415.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:21:06.476Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-setcookie"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "12716",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12716"
},
{
"name": "USN-93-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/93-1/"
},
{
"name": "squid-set-cookie-race-condition(19581)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19581"
},
{
"name": "oval:org.mitre.oval:def:11169",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11169"
},
{
"name": "RHSA-2005:415",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-setcookie"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "12716",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12716"
},
{
"name": "USN-93-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/93-1/"
},
{
"name": "squid-set-cookie-race-condition(19581)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19581"
},
{
"name": "oval:org.mitre.oval:def:11169",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11169"
},
{
"name": "RHSA-2005:415",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-0626",
"datePublished": "2005-03-03T05:00:00",
"dateReserved": "2005-03-03T00:00:00",
"dateUpdated": "2024-08-07T21:21:06.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2917
Vulnerability from cvelistv5
Published
2005-09-30 04:00
Modified
2024-08-07 22:53
Severity ?
EPSS score ?
Summary
Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:29.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-192-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-192-1/"
},
{
"name": "1014920",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014920"
},
{
"name": "20060401-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "SCOSA-2005.49",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
},
{
"name": "16992",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16992"
},
{
"name": "14977",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14977"
},
{
"name": "19607",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/19607"
},
{
"name": "MDKSA-2005:181",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:181"
},
{
"name": "squid-ntlm-authentication-dos(24282)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24282"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "17050",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17050"
},
{
"name": "RHSA-2006:0052",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0052.html"
},
{
"name": "oval:org.mitre.oval:def:11580",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11580"
},
{
"name": "19532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19532"
},
{
"name": "17177",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17177"
},
{
"name": "19161",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19161"
},
{
"name": "17015",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17015"
},
{
"name": "RHSA-2006:0045",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0045.html"
},
{
"name": "DSA-828",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-828"
},
{
"name": "SUSE-SR:2005:027",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-192-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-192-1/"
},
{
"name": "1014920",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014920"
},
{
"name": "20060401-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "SCOSA-2005.49",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
},
{
"name": "16992",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16992"
},
{
"name": "14977",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14977"
},
{
"name": "19607",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/19607"
},
{
"name": "MDKSA-2005:181",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:181"
},
{
"name": "squid-ntlm-authentication-dos(24282)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24282"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "17050",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17050"
},
{
"name": "RHSA-2006:0052",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0052.html"
},
{
"name": "oval:org.mitre.oval:def:11580",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11580"
},
{
"name": "19532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19532"
},
{
"name": "17177",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17177"
},
{
"name": "19161",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19161"
},
{
"name": "17015",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17015"
},
{
"name": "RHSA-2006:0045",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0045.html"
},
{
"name": "DSA-828",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-828"
},
{
"name": "SUSE-SR:2005:027",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-2917",
"datePublished": "2005-09-30T04:00:00",
"dateReserved": "2005-09-15T00:00:00",
"dateUpdated": "2024-08-07T22:53:29.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0194
Vulnerability from cvelistv5
Published
2005-02-06 05:00
Modified
2024-08-07 21:05
Severity ?
EPSS score ?
Summary
Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings.
References
| ▼ | URL | Tags |
|---|---|---|
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923 | vendor-advisory, x_refsource_CONECTIVA | |
| http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls | x_refsource_CONFIRM | |
| http://marc.info/?l=bugtraq&m=110901183320453&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch | x_refsource_CONFIRM | |
| http://fedoranews.org/updates/FEDORA--.shtml | vendor-advisory, x_refsource_FEDORA | |
| http://www.squid-cache.org/bugs/show_bug.cgi?id=1166 | x_refsource_CONFIRM | |
| http://www.debian.org/security/2005/dsa-667 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.kb.cert.org/vuls/id/260421 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:24.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls"
},
{
"name": "20050221 [USN-84-1] Squid vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110901183320453\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1166"
},
{
"name": "DSA-667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"name": "VU#260421",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/260421"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls"
},
{
"name": "20050221 [USN-84-1] Squid vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110901183320453\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1166"
},
{
"name": "DSA-667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"name": "VU#260421",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/260421"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2005:923",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls"
},
{
"name": "20050221 [USN-84-1] Squid vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110901183320453\u0026w=2"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1166",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1166"
},
{
"name": "DSA-667",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"name": "VU#260421",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/260421"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0194",
"datePublished": "2005-02-06T05:00:00",
"dateReserved": "2005-01-31T00:00:00",
"dateUpdated": "2024-08-07T21:05:24.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-3322
Vulnerability from cvelistv5
Published
2005-10-27 04:00
Modified
2024-08-07 23:10
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.novell.com/linux/security/advisories/2005_28_sr.html | vendor-advisory, x_refsource_SUSE | |
| http://www.novell.com/linux/security/advisories/2005_24_sr.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securityfocus.com/bid/15165 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2005:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"name": "SUSE-SR:2005:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
},
{
"name": "15165",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15165"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-12-05T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SR:2005:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"name": "SUSE-SR:2005:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
},
{
"name": "15165",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15165"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2005:028",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"name": "SUSE-SR:2005:024",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
},
{
"name": "15165",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15165"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3322",
"datePublished": "2005-10-27T04:00:00",
"dateReserved": "2005-10-27T00:00:00",
"dateUpdated": "2024-08-07T23:10:08.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0174
Vulnerability from cvelistv5
Published
2005-02-06 05:00
Modified
2024-08-07 21:05
Severity ?
EPSS score ?
Summary
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:25.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2005-373",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing"
},
{
"name": "12412",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12412"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "VU#768702",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/768702"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www3.br.squid-cache.org/Advisories/SQUID-2005_4.txt"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "CLA-2005:931",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "oval:org.mitre.oval:def:10656",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10656"
},
{
"name": "MDKSA-2005:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"name": "20050207 [USN-77-1] Squid vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2005-373",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing"
},
{
"name": "12412",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12412"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "VU#768702",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/768702"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www3.br.squid-cache.org/Advisories/SQUID-2005_4.txt"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "CLA-2005:931",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "oval:org.mitre.oval:def:10656",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10656"
},
{
"name": "MDKSA-2005:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"name": "20050207 [USN-77-1] Squid vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0174",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2005-373",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing"
},
{
"name": "12412",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12412"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "VU#768702",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/768702"
},
{
"name": "http://www3.br.squid-cache.org/Advisories/SQUID-2005_4.txt",
"refsource": "CONFIRM",
"url": "http://www3.br.squid-cache.org/Advisories/SQUID-2005_4.txt"
},
{
"name": "RHSA-2005:061",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "CLA-2005:931",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "oval:org.mitre.oval:def:10656",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10656"
},
{
"name": "MDKSA-2005:034",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"name": "20050207 [USN-77-1] Squid vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"name": "SUSE-SA:2005:006",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0174",
"datePublished": "2005-02-06T05:00:00",
"dateReserved": "2005-01-27T00:00:00",
"dateUpdated": "2024-08-07T21:05:25.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1345
Vulnerability from cvelistv5
Published
2005-04-28 04:00
Modified
2024-08-07 21:44
Severity ?
EPSS score ?
Summary
Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator.
References
| ▼ | URL | Tags |
|---|---|---|
| http://fedoranews.org/updates/FEDORA--.shtml | vendor-advisory, x_refsource_FEDORA | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000948 | vendor-advisory, x_refsource_CONECTIVA | |
| http://www.squid-cache.org/bugs/show_bug.cgi?id=1255 | x_refsource_CONFIRM | |
| http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_error | x_refsource_CONFIRM | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10513 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.redhat.com/support/errata/RHSA-2005-415.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2005/dsa-721 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:44:06.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "CLA-2005:948",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000948"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1255"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_error"
},
{
"name": "oval:org.mitre.oval:def:10513",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10513"
},
{
"name": "RHSA-2005:415",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
},
{
"name": "DSA-721",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-721"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "CLA-2005:948",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000948"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1255"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_error"
},
{
"name": "oval:org.mitre.oval:def:10513",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10513"
},
{
"name": "RHSA-2005:415",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
},
{
"name": "DSA-721",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-721"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-1345",
"datePublished": "2005-04-28T04:00:00",
"dateReserved": "2005-04-28T00:00:00",
"dateUpdated": "2024-08-07T21:44:06.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0715
Vulnerability from cvelistv5
Published
2002-07-23 04:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=102674543407606&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt | vendor-advisory, x_refsource_CALDERA | |
| http://www.squid-cache.org/Versions/v2/2.4/bugs/ | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2002-051.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.squid-cache.org/Advisories/SQUID-2002_3.txt | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2002-130.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php | vendor-advisory, x_refsource_MANDRAKE | |
| http://www.iss.net/security_center/static/9478.php | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/5154 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.734Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020715 TSLSA-2002-0062 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"name": "CSSA-2002-046.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "RHSA-2002:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name": "RHSA-2002:130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name": "MDKSA-2002:044",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"name": "squid-auth-header-forwarding(9478)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9478.php"
},
{
"name": "5154",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5154"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user\u0027s proxy login and password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020715 TSLSA-2002-0062 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"name": "CSSA-2002-046.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "RHSA-2002:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name": "RHSA-2002:130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name": "MDKSA-2002:044",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"name": "squid-auth-header-forwarding(9478)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9478.php"
},
{
"name": "5154",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5154"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user\u0027s proxy login and password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020715 TSLSA-2002-0062 - squid",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"name": "CSSA-2002-046.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.4/bugs/",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "RHSA-2002:051",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name": "RHSA-2002:130",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name": "MDKSA-2002:044",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"name": "squid-auth-header-forwarding(9478)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9478.php"
},
{
"name": "5154",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5154"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0715",
"datePublished": "2002-07-23T04:00:00",
"dateReserved": "2002-07-20T00:00:00",
"dateUpdated": "2024-08-08T02:56:38.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0096
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-07 20:57
Severity ?
EPSS score ?
Summary
Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption).
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:40.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth"
},
{
"name": "12324",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12324"
},
{
"name": "2005-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "1012818",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1012818"
},
{
"name": "GLSA-200501-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "oval:org.mitre.oval:def:10233",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10233"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth"
},
{
"name": "12324",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12324"
},
{
"name": "2005-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "1012818",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1012818"
},
{
"name": "GLSA-200501-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "oval:org.mitre.oval:def:10233",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10233"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2005:923",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth"
},
{
"name": "12324",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12324"
},
{
"name": "2005-0003",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "1012818",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012818"
},
{
"name": "GLSA-200501-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "oval:org.mitre.oval:def:10233",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10233"
},
{
"name": "RHSA-2005:061",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "SUSE-SA:2005:006",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0096",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-18T00:00:00",
"dateUpdated": "2024-08-07T20:57:40.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0478
Vulnerability from cvelistv5
Published
2009-02-08 22:00
Modified
2024-08-07 04:31
Severity ?
EPSS score ?
Summary
Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/33604 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/33731 | third-party-advisory, x_refsource_SECUNIA | |
| http://security.gentoo.org/glsa/glsa-200903-38.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/archive/1/500653/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html | vendor-advisory, x_refsource_SUSE | |
| https://bugzilla.redhat.com/show_bug.cgi?id=484246 | x_refsource_CONFIRM | |
| http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1021684 | vdb-entry, x_refsource_SECTRACK | |
| http://www.squid-cache.org/Advisories/SQUID-2009_1.txt | x_refsource_CONFIRM | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2009:034 | vendor-advisory, x_refsource_MANDRIVA | |
| https://www.exploit-db.com/exploits/8021 | exploit, x_refsource_EXPLOIT-DB | |
| http://secunia.com/advisories/34467 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:31:26.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33604",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33604"
},
{
"name": "33731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33731"
},
{
"name": "GLSA-200903-38",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200903-38.xml"
},
{
"name": "20090204 Squid Proxy Cache Denial of Service in request handling",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/500653/100/0/threaded"
},
{
"name": "SUSE-SR:2009:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=484246"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch"
},
{
"name": "1021684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021684"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2009_1.txt"
},
{
"name": "MDVSA-2009:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:034"
},
{
"name": "8021",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/8021"
},
{
"name": "34467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34467"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33604",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33604"
},
{
"name": "33731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33731"
},
{
"name": "GLSA-200903-38",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200903-38.xml"
},
{
"name": "20090204 Squid Proxy Cache Denial of Service in request handling",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/500653/100/0/threaded"
},
{
"name": "SUSE-SR:2009:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=484246"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch"
},
{
"name": "1021684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021684"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2009_1.txt"
},
{
"name": "MDVSA-2009:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:034"
},
{
"name": "8021",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/8021"
},
{
"name": "34467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34467"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33604"
},
{
"name": "33731",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33731"
},
{
"name": "GLSA-200903-38",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200903-38.xml"
},
{
"name": "20090204 Squid Proxy Cache Denial of Service in request handling",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500653/100/0/threaded"
},
{
"name": "SUSE-SR:2009:005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=484246",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=484246"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch"
},
{
"name": "1021684",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021684"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2009_1.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2009_1.txt"
},
{
"name": "MDVSA-2009:034",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:034"
},
{
"name": "8021",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8021"
},
{
"name": "34467",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34467"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0478",
"datePublished": "2009-02-08T22:00:00",
"dateReserved": "2009-02-08T00:00:00",
"dateUpdated": "2024-08-07T04:31:26.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0718
Vulnerability from cvelistv5
Published
2005-03-12 05:00
Modified
2024-08-07 21:21
Severity ?
EPSS score ?
Summary
Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.squid-cache.org/bugs/show_bug.cgi?id=1224 | x_refsource_CONFIRM | |
| http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post | x_refsource_CONFIRM | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11562 | vdb-entry, signature, x_refsource_OVAL | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/19919 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/13166 | vdb-entry, x_refsource_BID | |
| http://fedoranews.org/updates/FEDORA--.shtml | vendor-advisory, x_refsource_FEDORA | |
| http://secunia.com/advisories/12508 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.redhat.com/support/errata/RHSA-2005-489.html | vendor-advisory, x_refsource_REDHAT | |
| https://usn.ubuntu.com/111-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931 | vendor-advisory, x_refsource_CONECTIVA | |
| http://www.redhat.com/support/errata/RHSA-2005-415.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:21:06.764Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1224"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post"
},
{
"name": "oval:org.mitre.oval:def:11562",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11562"
},
{
"name": "squid-put-post-dos(19919)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19919"
},
{
"name": "13166",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13166"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "12508",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12508"
},
{
"name": "RHSA-2005:489",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-489.html"
},
{
"name": "USN-111-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/111-1/"
},
{
"name": "CLA-2005:931",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "RHSA-2005:415",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1224"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post"
},
{
"name": "oval:org.mitre.oval:def:11562",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11562"
},
{
"name": "squid-put-post-dos(19919)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19919"
},
{
"name": "13166",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13166"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "12508",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12508"
},
{
"name": "RHSA-2005:489",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-489.html"
},
{
"name": "USN-111-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/111-1/"
},
{
"name": "CLA-2005:931",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "RHSA-2005:415",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1224",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1224"
},
{
"name": "http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post",
"refsource": "CONFIRM",
"url": "http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post"
},
{
"name": "oval:org.mitre.oval:def:11562",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11562"
},
{
"name": "squid-put-post-dos(19919)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19919"
},
{
"name": "13166",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13166"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "12508",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12508"
},
{
"name": "RHSA-2005:489",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-489.html"
},
{
"name": "USN-111-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/111-1/"
},
{
"name": "CLA-2005:931",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "RHSA-2005:415",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0718",
"datePublished": "2005-03-12T05:00:00",
"dateReserved": "2005-03-12T00:00:00",
"dateUpdated": "2024-08-07T21:21:06.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0097
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-07 20:57
Severity ?
EPSS score ?
Summary
The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth | x_refsource_CONFIRM | |
| http://www.trustix.org/errata/2005/0003/ | vendor-advisory, x_refsource_TRUSTIX | |
| http://fedoranews.org/updates/FEDORA--.shtml | vendor-advisory, x_refsource_FEDORA | |
| http://securitytracker.com/id?1012818 | vdb-entry, x_refsource_SECTRACK | |
| http://security.gentoo.org/glsa/glsa-200501-25.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.redhat.com/support/errata/RHSA-2005-061.html | vendor-advisory, x_refsource_REDHAT | |
| http://secunia.com/advisories/13789 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/12220 | vdb-entry, x_refsource_BID | |
| http://www.novell.com/linux/security/advisories/2005_06_squid.html | vendor-advisory, x_refsource_SUSE | |
| http://www.redhat.com/support/errata/RHSA-2005-060.html | vendor-advisory, x_refsource_REDHAT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11646 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:40.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth"
},
{
"name": "2005-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "1012818",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1012818"
},
{
"name": "GLSA-200501-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "13789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13789"
},
{
"name": "12220",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12220"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "oval:org.mitre.oval:def:11646",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11646"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth"
},
{
"name": "2005-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "1012818",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1012818"
},
{
"name": "GLSA-200501-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "13789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13789"
},
{
"name": "12220",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12220"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "oval:org.mitre.oval:def:11646",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11646"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth"
},
{
"name": "2005-0003",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "1012818",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012818"
},
{
"name": "GLSA-200501-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "RHSA-2005:061",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "13789",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13789"
},
{
"name": "12220",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12220"
},
{
"name": "SUSE-SA:2005:006",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "oval:org.mitre.oval:def:11646",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11646"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0097",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-18T00:00:00",
"dateUpdated": "2024-08-07T20:57:40.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0247
Vulnerability from cvelistv5
Published
2007-01-16 18:00
Modified
2024-08-07 12:12
Severity ?
EPSS score ?
Summary
squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:12:17.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1857"
},
{
"name": "23921",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23921"
},
{
"name": "23946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23946"
},
{
"name": "22079",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22079"
},
{
"name": "ADV-2007-0199",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0199"
},
{
"name": "GLSA-200701-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml"
},
{
"name": "23810",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23810"
},
{
"name": "SUSE-SA:2007:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_12_squid.html"
},
{
"name": "MDKSA-2007:026",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:026"
},
{
"name": "2007-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2007/0003/"
},
{
"name": "USN-414-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-414-1"
},
{
"name": "23837",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23837"
},
{
"name": "23805",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23805"
},
{
"name": "23767",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23767"
},
{
"name": "39839",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39839"
},
{
"name": "FEDORA-2007-092",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/cms/node/2442"
},
{
"name": "23889",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23889"
},
{
"name": "squid-multiple-dos(31523)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31523"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1857"
},
{
"name": "23921",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23921"
},
{
"name": "23946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23946"
},
{
"name": "22079",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22079"
},
{
"name": "ADV-2007-0199",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0199"
},
{
"name": "GLSA-200701-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml"
},
{
"name": "23810",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23810"
},
{
"name": "SUSE-SA:2007:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_12_squid.html"
},
{
"name": "MDKSA-2007:026",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:026"
},
{
"name": "2007-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2007/0003/"
},
{
"name": "USN-414-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-414-1"
},
{
"name": "23837",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23837"
},
{
"name": "23805",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23805"
},
{
"name": "23767",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23767"
},
{
"name": "39839",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39839"
},
{
"name": "FEDORA-2007-092",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/cms/node/2442"
},
{
"name": "23889",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23889"
},
{
"name": "squid-multiple-dos(31523)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31523"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12"
},
{
"name": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1857",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1857"
},
{
"name": "23921",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23921"
},
{
"name": "23946",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23946"
},
{
"name": "22079",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22079"
},
{
"name": "ADV-2007-0199",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0199"
},
{
"name": "GLSA-200701-22",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml"
},
{
"name": "23810",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23810"
},
{
"name": "SUSE-SA:2007:012",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_12_squid.html"
},
{
"name": "MDKSA-2007:026",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:026"
},
{
"name": "2007-0003",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0003/"
},
{
"name": "USN-414-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-414-1"
},
{
"name": "23837",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23837"
},
{
"name": "23805",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23805"
},
{
"name": "23767",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23767"
},
{
"name": "39839",
"refsource": "OSVDB",
"url": "http://osvdb.org/39839"
},
{
"name": "FEDORA-2007-092",
"refsource": "FEDORA",
"url": "http://fedoranews.org/cms/node/2442"
},
{
"name": "23889",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23889"
},
{
"name": "squid-multiple-dos(31523)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31523"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0247",
"datePublished": "2007-01-16T18:00:00",
"dateReserved": "2007-01-16T00:00:00",
"dateUpdated": "2024-08-07T12:12:17.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0189
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 00:10
Severity ?
EPSS score ?
Summary
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SCOSA-2005.16",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"
},
{
"name": "20040404-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2004_1.txt"
},
{
"name": "squid-urlregex-acl-bypass(15366)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15366"
},
{
"name": "DSA-474",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-474"
},
{
"name": "oval:org.mitre.oval:def:877",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A877"
},
{
"name": "9778",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9778"
},
{
"name": "MDKSA-2004:025",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025"
},
{
"name": "oval:org.mitre.oval:def:941",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A941"
},
{
"name": "RHSA-2004:133",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-133.html"
},
{
"name": "RHSA-2004:134",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-134.html"
},
{
"name": "20040401 [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108084935904110\u0026w=2"
},
{
"name": "GLSA-200403-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200403-11.xml"
},
{
"name": "CLA-2004:838",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000838"
},
{
"name": "5916",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5916"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The \"%xx\" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL (\"%00\") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-09-15T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SCOSA-2005.16",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"
},
{
"name": "20040404-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2004_1.txt"
},
{
"name": "squid-urlregex-acl-bypass(15366)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15366"
},
{
"name": "DSA-474",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-474"
},
{
"name": "oval:org.mitre.oval:def:877",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A877"
},
{
"name": "9778",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9778"
},
{
"name": "MDKSA-2004:025",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025"
},
{
"name": "oval:org.mitre.oval:def:941",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A941"
},
{
"name": "RHSA-2004:133",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-133.html"
},
{
"name": "RHSA-2004:134",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-134.html"
},
{
"name": "20040401 [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108084935904110\u0026w=2"
},
{
"name": "GLSA-200403-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200403-11.xml"
},
{
"name": "CLA-2004:838",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000838"
},
{
"name": "5916",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5916"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0189",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"%xx\" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL (\"%00\") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SCOSA-2005.16",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"
},
{
"name": "20040404-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2004_1.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2004_1.txt"
},
{
"name": "squid-urlregex-acl-bypass(15366)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15366"
},
{
"name": "DSA-474",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-474"
},
{
"name": "oval:org.mitre.oval:def:877",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A877"
},
{
"name": "9778",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9778"
},
{
"name": "MDKSA-2004:025",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025"
},
{
"name": "oval:org.mitre.oval:def:941",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A941"
},
{
"name": "RHSA-2004:133",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-133.html"
},
{
"name": "RHSA-2004:134",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-134.html"
},
{
"name": "20040401 [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108084935904110\u0026w=2"
},
{
"name": "GLSA-200403-11",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200403-11.xml"
},
{
"name": "CLA-2004:838",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000838"
},
{
"name": "5916",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5916"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0189",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2004-03-03T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0094
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-07 20:57
Severity ?
EPSS score ?
Summary
Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:40.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "oval:org.mitre.oval:def:11146",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11146"
},
{
"name": "2005-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_1.txt"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "12276",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12276"
},
{
"name": "GLSA-200501-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "DSA-651",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-651"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "MDKSA-2005:014",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:014"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "13825",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13825"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-gopher_html_parsing.patch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "oval:org.mitre.oval:def:11146",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11146"
},
{
"name": "2005-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_1.txt"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "12276",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12276"
},
{
"name": "GLSA-200501-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "DSA-651",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-651"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "MDKSA-2005:014",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:014"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "13825",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13825"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-gopher_html_parsing.patch"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2005:923",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "oval:org.mitre.oval:def:11146",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11146"
},
{
"name": "2005-0003",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2005_1.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_1.txt"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "12276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12276"
},
{
"name": "GLSA-200501-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "DSA-651",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-651"
},
{
"name": "RHSA-2005:061",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "MDKSA-2005:014",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:014"
},
{
"name": "SUSE-SA:2005:006",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "13825",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13825"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-gopher_html_parsing.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-gopher_html_parsing.patch"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0094",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-18T00:00:00",
"dateUpdated": "2024-08-07T20:57:40.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0446
Vulnerability from cvelistv5
Published
2005-02-15 05:00
Modified
2024-08-07 21:13
Severity ?
EPSS score ?
Summary
Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:54.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050221 [USN-84-1] Squid vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110901183320453\u0026w=2"
},
{
"name": "GLSA-200502-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-25.xml"
},
{
"name": "14271",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14271"
},
{
"name": "squid-xstrndup-dos(19332)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19332"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE8-dns_assert.patch"
},
{
"name": "RHSA-2005:201",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-201.html"
},
{
"name": "12551",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12551"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "DSA-688",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-688"
},
{
"name": "RHSA-2005:173",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-173.html"
},
{
"name": "oval:org.mitre.oval:def:11264",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11264"
},
{
"name": "CLA-2005:931",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "MDKSA-2005:047",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:047"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050221 [USN-84-1] Squid vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110901183320453\u0026w=2"
},
{
"name": "GLSA-200502-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-25.xml"
},
{
"name": "14271",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14271"
},
{
"name": "squid-xstrndup-dos(19332)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19332"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE8-dns_assert.patch"
},
{
"name": "RHSA-2005:201",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-201.html"
},
{
"name": "12551",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12551"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "DSA-688",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-688"
},
{
"name": "RHSA-2005:173",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-173.html"
},
{
"name": "oval:org.mitre.oval:def:11264",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11264"
},
{
"name": "CLA-2005:931",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "MDKSA-2005:047",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:047"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0446",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050221 [USN-84-1] Squid vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110901183320453\u0026w=2"
},
{
"name": "GLSA-200502-25",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-25.xml"
},
{
"name": "14271",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14271"
},
{
"name": "squid-xstrndup-dos(19332)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19332"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE8-dns_assert.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE8-dns_assert.patch"
},
{
"name": "RHSA-2005:201",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-201.html"
},
{
"name": "12551",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12551"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "DSA-688",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-688"
},
{
"name": "RHSA-2005:173",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-173.html"
},
{
"name": "oval:org.mitre.oval:def:11264",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11264"
},
{
"name": "CLA-2005:931",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "MDKSA-2005:047",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:047"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0446",
"datePublished": "2005-02-15T05:00:00",
"dateReserved": "2005-02-16T00:00:00",
"dateUpdated": "2024-08-07T21:13:54.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-2654
Vulnerability from cvelistv5
Published
2006-02-24 11:00
Modified
2024-08-08 01:36
Severity ?
EPSS score ?
Summary
The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor's bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.squid-cache.org/bugs/show_bug.cgi?id=972 | x_refsource_MISC | |
| http://securitytracker.com/id?1011214 | vdb-entry, x_refsource_SECTRACK | |
| http://www.osvdb.org/9801 | vdb-entry, x_refsource_OSVDB | |
| http://www.attrition.org/pipermail/vim/2006-February/000570.html | mailing-list, x_refsource_VIM | |
| http://secunia.com/advisories/12754 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/12508 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitylab.ru/47881.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:24.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=972"
},
{
"name": "1011214",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011214"
},
{
"name": "9801",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9801"
},
{
"name": "20060223 old Squid clientAbortBody issue - NOT an overflow?",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2006-February/000570.html"
},
{
"name": "12754",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12754"
},
{
"name": "12508",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12508"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securitylab.ru/47881.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor\u0027s bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-01-10T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=972"
},
{
"name": "1011214",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011214"
},
{
"name": "9801",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9801"
},
{
"name": "20060223 old Squid clientAbortBody issue - NOT an overflow?",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2006-February/000570.html"
},
{
"name": "12754",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12754"
},
{
"name": "12508",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12508"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securitylab.ru/47881.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor\u0027s bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/bugs/show_bug.cgi?id=972",
"refsource": "MISC",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=972"
},
{
"name": "1011214",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011214"
},
{
"name": "9801",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9801"
},
{
"name": "20060223 old Squid clientAbortBody issue - NOT an overflow?",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-February/000570.html"
},
{
"name": "12754",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12754"
},
{
"name": "12508",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12508"
},
{
"name": "http://www.securitylab.ru/47881.html",
"refsource": "MISC",
"url": "http://www.securitylab.ru/47881.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2654",
"datePublished": "2006-02-24T11:00:00",
"dateReserved": "2006-02-24T00:00:00",
"dateUpdated": "2024-08-08T01:36:24.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2794
Vulnerability from cvelistv5
Published
2005-09-07 04:00
Modified
2024-08-07 22:45
Severity ?
EPSS score ?
Summary
store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:45:02.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:10276",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10276"
},
{
"name": "MDKSA-2005:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:162"
},
{
"name": "14761",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14761"
},
{
"name": "DSA-809",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-809"
},
{
"name": "SUSE-SA:2005:053",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_53_squid.html"
},
{
"name": "SUSE-SR:2005:021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_21_sr.html"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "GLSA-200509-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING"
},
{
"name": "RHSA-2005:766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-766.html"
},
{
"name": "17027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17027"
},
{
"name": "16977",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16977"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "oval:org.mitre.oval:def:10276",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10276"
},
{
"name": "MDKSA-2005:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:162"
},
{
"name": "14761",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14761"
},
{
"name": "DSA-809",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-809"
},
{
"name": "SUSE-SA:2005:053",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_53_squid.html"
},
{
"name": "SUSE-SR:2005:021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_21_sr.html"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "GLSA-200509-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING"
},
{
"name": "RHSA-2005:766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-766.html"
},
{
"name": "17027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17027"
},
{
"name": "16977",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16977"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-2794",
"datePublished": "2005-09-07T04:00:00",
"dateReserved": "2005-09-06T00:00:00",
"dateUpdated": "2024-08-07T22:45:02.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-1560
Vulnerability from cvelistv5
Published
2007-03-21 18:00
Modified
2024-08-07 12:59
Severity ?
EPSS score ?
Summary
The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200703-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200703-27.xml"
},
{
"name": "ADV-2007-1035",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1035"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.6/changesets/11349.patch"
},
{
"name": "24611",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24611"
},
{
"name": "SUSE-SR:2007:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
},
{
"name": "23085",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23085"
},
{
"name": "24625",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24625"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2007_1.txt"
},
{
"name": "oval:org.mitre.oval:def:10291",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10291"
},
{
"name": "MDKSA-2007:068",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:068"
},
{
"name": "USN-441-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-441-1"
},
{
"name": "1017805",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017805"
},
{
"name": "24662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24662"
},
{
"name": "squid-clientprocessrequest-dos(33124)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33124"
},
{
"name": "24911",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24911"
},
{
"name": "RHSA-2007:0131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0131.html"
},
{
"name": "24614",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24614"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-200703-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200703-27.xml"
},
{
"name": "ADV-2007-1035",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1035"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.6/changesets/11349.patch"
},
{
"name": "24611",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24611"
},
{
"name": "SUSE-SR:2007:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
},
{
"name": "23085",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23085"
},
{
"name": "24625",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24625"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2007_1.txt"
},
{
"name": "oval:org.mitre.oval:def:10291",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10291"
},
{
"name": "MDKSA-2007:068",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:068"
},
{
"name": "USN-441-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-441-1"
},
{
"name": "1017805",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017805"
},
{
"name": "24662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24662"
},
{
"name": "squid-clientprocessrequest-dos(33124)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33124"
},
{
"name": "24911",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24911"
},
{
"name": "RHSA-2007:0131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0131.html"
},
{
"name": "24614",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24614"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2007-1560",
"datePublished": "2007-03-21T18:00:00",
"dateReserved": "2007-03-21T00:00:00",
"dateUpdated": "2024-08-07T12:59:08.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201008-0392
Vulnerability from variot
Squid is a powerful proxy server and web cache server. There is a logic error when receiving a very long DNS response. If a very long DNS response is returned to a Squid server that does not have an IPv6 resolver configured, an assertion error can be triggered, causing the service to crash. ----------------------------------------------------------------------
List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22
The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected.
TITLE: Squid Long DNS Replies Denial of Service Vulnerability
SECUNIA ADVISORY ID: SA41090
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41090/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41090
RELEASE DATE: 2010-08-28
DISCUSS ADVISORY: http://secunia.com/advisories/41090/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/41090/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41090
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is reported in version 3.1.5.1 and 3.1.6. Prior versions may also be affected.
SOLUTION: Update to version 3.1.7.
Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
PROVIDED AND/OR DISCOVERED BY: Stephen Thorne
ORIGINAL ADVISORY: Squid 3.1.7 Announcement: http://marc.info/?l=squid-users&m=128263555724981&w=2
Squid Bug #3021: http://bugs.squid-cache.org/show_bug.cgi?id=3021
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201008-0392",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "squid",
"scope": "eq",
"trust": 0.6,
"vendor": "squid",
"version": "3.1.6"
},
{
"model": "squid",
"scope": "eq",
"trust": 0.6,
"vendor": "squid",
"version": "3.1.5.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1693"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Secunia",
"sources": [
{
"db": "PACKETSTORM",
"id": "93260"
}
],
"trust": 0.1
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Squid is a powerful proxy server and web cache server. There is a logic error when receiving a very long DNS response. If a very long DNS response is returned to a Squid server that does not have an IPv6 resolver configured, an assertion error can be triggered, causing the service to crash. ----------------------------------------------------------------------\n\n\nList of products vulnerable to insecure library loading vulnerabilities:\nhttp://secunia.com/_%22insecure%20library%20loading%22\n\nThe list is continuously updated as we confirm the vulnerability reports\nso check back regularly too see if any of your apps are affected. \n\n\n----------------------------------------------------------------------\n\nTITLE:\nSquid Long DNS Replies Denial of Service Vulnerability\n\nSECUNIA ADVISORY ID:\nSA41090\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/41090/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41090\n\nRELEASE DATE:\n2010-08-28\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/41090/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/41090/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41090\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Squid, which can be exploited by\nmalicious people to cause a DoS (Denial of Service). \n\nThe vulnerability is reported in version 3.1.5.1 and 3.1.6. Prior\nversions may also be affected. \n\nSOLUTION:\nUpdate to version 3.1.7. \n\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nPROVIDED AND/OR DISCOVERED BY:\nStephen Thorne\n\nORIGINAL ADVISORY:\nSquid 3.1.7 Announcement:\nhttp://marc.info/?l=squid-users\u0026m=128263555724981\u0026w=2\n\nSquid Bug #3021:\nhttp://bugs.squid-cache.org/show_bug.cgi?id=3021\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1693"
},
{
"db": "PACKETSTORM",
"id": "93260"
}
],
"trust": 0.63
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "41090",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2010-1693",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "93260",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1693"
},
{
"db": "PACKETSTORM",
"id": "93260"
}
]
},
"id": "VAR-201008-0392",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1693"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1693"
}
]
},
"last_update_date": "2022-05-17T01:51:49.011000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Squid\u0027s long DNS reply denial of service patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/881"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1693"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.7,
"url": "http://secunia.com/advisories/41090/"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=squid-users\u0026m=128263555724981\u0026w=2"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41090"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/_%22insecure%20library%20loading%22"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/41090/#comments"
},
{
"trust": 0.1,
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=3021"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1693"
},
{
"db": "PACKETSTORM",
"id": "93260"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-1693"
},
{
"db": "PACKETSTORM",
"id": "93260"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-08-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1693"
},
{
"date": "2010-08-30T09:52:39",
"db": "PACKETSTORM",
"id": "93260"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-08-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1693"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Squid Long DNS Reply Denial of Service Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1693"
}
],
"trust": 0.6
}
}
var-201009-0314
Vulnerability from variot
Squid is a powerful proxy server and web cache server. Some internal squid string handlers do not properly check for null pointers. Sending a specially constructed request can result in a null pointer reference, causing the server to crash.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201009-0314",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "squid",
"scope": "lt",
"trust": 0.6,
"vendor": "squid",
"version": "3.2.0.2"
},
{
"model": "squid",
"scope": "lt",
"trust": 0.6,
"vendor": "squid",
"version": "3.1.8"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1863"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Squid is a powerful proxy server and web cache server. Some internal squid string handlers do not properly check for null pointers. Sending a specially constructed request can result in a null pointer reference, causing the server to crash.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1863"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-1863",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1863"
}
]
},
"id": "VAR-201009-0314",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1863"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1863"
}
]
},
"last_update_date": "2022-05-04T09:06:16.329000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Squid string handling null pointer application denial of service vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/937"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1863"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://www.squid-cache.org/advisories/squid-2010_3.txthttp"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1863"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-1863"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-09-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1863"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-09-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1863"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Squid String Handling Null Pointer Application Denial of Service Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1863"
}
],
"trust": 0.6
}
}
var-200505-0836
Vulnerability from variot
Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected. Gibraltar is susceptible to an antivirus scan evasion vulnerability. This issue presents itself because of an oversight in the design of the firewall product, due to a change of features of the ClamAV antivirus scanning engine. This vulnerability allows malicious content to pass undetected by an affected firewall acting as an HTTP proxy, leading to a false sense of security
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200505-0836",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "squid",
"scope": "eq",
"trust": 1.6,
"vendor": "squid",
"version": "2.6.stable1"
},
{
"model": "firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "gibraltar",
"version": "2.2"
},
{
"model": "clamav",
"scope": "eq",
"trust": 1.0,
"vendor": "clam anti virus",
"version": "0.90.2"
},
{
"model": "firewall a",
"scope": "ne",
"trust": 0.3,
"vendor": "gibraltar",
"version": "2.2"
}
],
"sources": [
{
"db": "BID",
"id": "13713"
},
{
"db": "NVD",
"id": "CVE-2005-1711"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1157"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid:squid:2.6.stable1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gibraltar:gibraltar_firewall:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1711"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gibraltar",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-1157"
}
],
"trust": 0.6
},
"cve": "CVE-2005-1711",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-12920",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-1711",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200505-1157",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-12920",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12920"
},
{
"db": "NVD",
"id": "CVE-2005-1711"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1157"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected. Gibraltar is susceptible to an antivirus scan evasion vulnerability. This issue presents itself because of an oversight in the design of the firewall product, due to a change of features of the ClamAV antivirus scanning engine. \nThis vulnerability allows malicious content to pass undetected by an affected firewall acting as an HTTP proxy, leading to a false sense of security",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1711"
},
{
"db": "BID",
"id": "13713"
},
{
"db": "VULHUB",
"id": "VHN-12920"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-1711",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1014030",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1157",
"trust": 0.7
},
{
"db": "BID",
"id": "13713",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-12920",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12920"
},
{
"db": "BID",
"id": "13713"
},
{
"db": "NVD",
"id": "CVE-2005-1711"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1157"
}
]
},
"id": "VAR-200505-0836",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-12920"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:47:18.845000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1711"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1014030"
},
{
"trust": 0.3,
"url": "http://gibraltar.at/changes.php?onlylastversion=1\u0026htmloutput=1\u0026to=2.2a"
},
{
"trust": 0.3,
"url": "http://gibraltar.at/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12920"
},
{
"db": "BID",
"id": "13713"
},
{
"db": "NVD",
"id": "CVE-2005-1711"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1157"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-12920"
},
{
"db": "BID",
"id": "13713"
},
{
"db": "NVD",
"id": "CVE-2005-1711"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1157"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-05-24T00:00:00",
"db": "VULHUB",
"id": "VHN-12920"
},
{
"date": "2005-05-23T00:00:00",
"db": "BID",
"id": "13713"
},
{
"date": "2005-05-24T04:00:00",
"db": "NVD",
"id": "CVE-2005-1711"
},
{
"date": "2005-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-1157"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-12920"
},
{
"date": "2009-07-12T14:56:00",
"db": "BID",
"id": "13713"
},
{
"date": "2008-09-05T20:49:52.247000",
"db": "NVD",
"id": "CVE-2005-1711"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-1157"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-1157"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gibraltar Firewall Antivirus Scan Avoidance Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-1157"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "13713"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1157"
}
],
"trust": 0.9
}
}
var-201109-0081
Vulnerability from variot
Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression. Squid is a proxy server and web cache server. Squid is flawed in parsing responses from the Gopher server. If the Gopher server returns more than 4096 bytes, it can trigger a buffer overflow. This overflow can cause memory corruption to generally cause Squid to crash. A malicious user must set up a fake Gopher server and forward the request through Squid. Successful exploitation of vulnerabilities allows arbitrary code to be executed in a server context. Squid Proxy is prone remote buffer-overflow vulnerability affects the Gopher-to-HTML functionality. Failed exploit attempts will result in a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debian Security Advisory DSA-2304-1 security@debian.org http://www.debian.org/security/ Nico Golde Sep 11, 2011 http://www.debian.org/security/faq
Package : squid3 Vulnerability : buffer overflow Problem type : remote Debian-specific: no Debian bug : 639755 CVE IDs : CVE-2011-3205
Ben Hawkes discovered that squid3, a full featured Web Proxy cache (HTTP proxy), is vulnerable to a buffer overflow when processing gopher server replies.
For the oldstable distribution (lenny), this problem has been fixed in version 3.0.STABLE8-3+lenny5.
For the stable distribution (squeeze), this problem has been fixed in version 3.1.6-1.2+squeeze1.
For the testing distribution (wheezy), this problem has been fixed in version 3.1.15-1.
For the unstable distribution (sid), this problem has been fixed in version 3.1.15-1.
We recommend that you upgrade your squid3 packages. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: squid security update Advisory ID: RHSA-2011:1293-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1293.html Issue date: 2011-09-14 CVE Names: CVE-2011-3205 =====================================================================
- Summary:
An updated squid package that fixes one security issue is now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
- Description:
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. (CVE-2011-3205)
Users of squid should upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the squid service will be restarted automatically.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Package List:
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/squid-3.1.10-1.el6_1.1.src.rpm
i386: squid-3.1.10-1.el6_1.1.i686.rpm squid-debuginfo-3.1.10-1.el6_1.1.i686.rpm
ppc64: squid-3.1.10-1.el6_1.1.ppc64.rpm squid-debuginfo-3.1.10-1.el6_1.1.ppc64.rpm
s390x: squid-3.1.10-1.el6_1.1.s390x.rpm squid-debuginfo-3.1.10-1.el6_1.1.s390x.rpm
x86_64: squid-3.1.10-1.el6_1.1.x86_64.rpm squid-debuginfo-3.1.10-1.el6_1.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/squid-3.1.10-1.el6_1.1.src.rpm
i386: squid-3.1.10-1.el6_1.1.i686.rpm squid-debuginfo-3.1.10-1.el6_1.1.i686.rpm
x86_64: squid-3.1.10-1.el6_1.1.x86_64.rpm squid-debuginfo-3.1.10-1.el6_1.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3205.html https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFOcPqzXlSAg2UNWIIRAutlAJ9nlG0w3FNBVqFtxSNe10FKir/WkACeNQAA rDOr/svPTfi23jLvkODeYbk= =0hIH -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ----------------------------------------------------------------------
The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242
TITLE: Squid Gopher Response Processing Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA45805
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45805/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45805
RELEASE DATE: 2011-08-30
DISCUSS ADVISORY: http://secunia.com/advisories/45805/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/45805/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=45805
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
The vulnerability is caused due to a boundary error when processing Gopher responses and can be exploited to cause a buffer overflow via an overly long string.
This is related to vulnerability #2 in: SA13825
The vulnerability is reported in versions 3.0.x prior to 3.0.STABLE25 and 3.1.x prior to 3.1.14
SOLUTION: Update to version 3.0.STABLE26 or 3.1.15.
PROVIDED AND/OR DISCOVERED BY: The vendor credits Ben Hawkes, Google Security Team.
ORIGINAL ADVISORY: http://www.squid-cache.org/Advisories/SQUID-2011_3.txt
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. ----------------------------------------------------------------------
The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
For more information: SA45805
SOLUTION: Apply updated packages via the apt-get package manager. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201110-24
http://security.gentoo.org/
Severity: High Title: Squid: Multiple vulnerabilities Date: October 26, 2011 Bugs: #279379, #279380, #301828, #334263, #381065, #386215 ID: 201110-24
Synopsis
Multiple vulnerabilities were found in Squid allowing attackers to execute arbitrary code or cause a Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-proxy/squid < 3.1.15 >= 3.1.15
Description
Multiple vulnerabilities have been discovered in Squid. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All squid users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-proxy/squid-3.1.15"
NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 4, 2011. It is likely that your system is already no longer affected by this issue.
References
[ 1 ] CVE-2009-2621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2621 [ 2 ] CVE-2009-2622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2622 [ 3 ] CVE-2009-2855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2855 [ 4 ] CVE-2010-0308 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0308 [ 5 ] CVE-2010-0639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0639 [ 6 ] CVE-2010-2951 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2951 [ 7 ] CVE-2010-3072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3072 [ 8 ] CVE-2011-3205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3205
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201110-24.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201109-0081",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "squid",
"scope": "eq",
"trust": 1.9,
"vendor": "squid cache",
"version": "3.1.3"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.9,
"vendor": "squid cache",
"version": "3.1.5.1"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.9,
"vendor": "squid cache",
"version": "3.1.6"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.9,
"vendor": "squid cache",
"version": "3.1.4"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.9,
"vendor": "squid cache",
"version": "3.1.0.9"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.9,
"vendor": "squid cache",
"version": "3.1.7"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.9,
"vendor": "squid cache",
"version": "3.1.5"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.6,
"vendor": "squid cache",
"version": "3.0.stable3"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.6,
"vendor": "squid cache",
"version": "3.0.stable2"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.6,
"vendor": "squid cache",
"version": "3.1.0.5"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1.0.11"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1.0.14"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1.0.6"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1.0.2"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1.0.16"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1.2"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1.0.10"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1.1"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1.0.17"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1.0.18"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1.0.1"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1.0.12"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1.0.13"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1.0.3"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1.0.8"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.3,
"vendor": "squid cache",
"version": "3.1.0.7"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.1,
"vendor": "squid cache",
"version": "3.1.15"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable5"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.1.11"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.1.10"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.2.0.8"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable22"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable10"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable17"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable16"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable25"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.1.8"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.2.0.10"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable9"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.2.0.4"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.1.14"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable8"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.1.13"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.2.0.2"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable24"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable7"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.1.0.15"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.1.0.4"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable1"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable13"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable19"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable6"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable23"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.2.0.3"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable4"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable15"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable14"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.2.0.5"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable11"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable12"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.2.0.1"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.1.9"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.2.0.7"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable20"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.1.12"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable21"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.0.stable18"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.2.0.6"
},
{
"model": "squid",
"scope": "eq",
"trust": 1.0,
"vendor": "squid cache",
"version": "3.2.0.9"
},
{
"model": "squid",
"scope": "eq",
"trust": 0.8,
"vendor": "squid cache",
"version": "3.2.0.11"
},
{
"model": "squid",
"scope": "lt",
"trust": 0.8,
"vendor": "squid cache",
"version": "3.1"
},
{
"model": "squid",
"scope": "lt",
"trust": 0.8,
"vendor": "squid cache",
"version": "3.0"
},
{
"model": "squid",
"scope": "lt",
"trust": 0.8,
"vendor": "squid cache",
"version": "3.2"
},
{
"model": "squid",
"scope": "eq",
"trust": 0.8,
"vendor": "squid cache",
"version": "3.0.stable26"
},
{
"model": "squid",
"scope": "eq",
"trust": 0.6,
"vendor": "squid",
"version": "3.x"
},
{
"model": "web proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "squid",
"version": "3.1.13"
},
{
"model": "3.0.stable25",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "3.0.stable18",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "3.0.stable21",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "web proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "squid",
"version": "3.1.14"
},
{
"model": "3.0.stable8",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "web proxy 3.0.stable26",
"scope": null,
"trust": 0.3,
"vendor": "squid",
"version": null
},
{
"model": "3.0.stable22",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "3.0.stable7",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "3.0.stable13",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "web proxy cache",
"scope": "eq",
"trust": 0.3,
"vendor": "squid",
"version": "3.2.0.10"
},
{
"model": "3.0.stable6",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "3.0.stable23",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "3.0.stable15",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "3.0.stable16 rc1",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "3.0.stable20",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "web proxy cache",
"scope": "ne",
"trust": 0.3,
"vendor": "squid",
"version": "3.2.0.11"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "web proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "squid",
"version": "3.0"
},
{
"model": "3.0.stable5",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "3.0.stable4",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "3.0.stable3",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "3.0.stable12",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "3.0.stable2",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "3.0.stable17",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "web proxy",
"scope": "ne",
"trust": 0.3,
"vendor": "squid",
"version": "3.1.15"
},
{
"model": "3.0.stable1",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "3.0.stable11",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "3.0.stable24",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "web proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "squid",
"version": "3.1"
},
{
"model": "3.0.stable11 rc1",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "3.0.stable9",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "3.0.stable14",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "web proxy cache",
"scope": "eq",
"trust": 0.3,
"vendor": "squid",
"version": "3.2.0.2"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "web proxy cache",
"scope": "eq",
"trust": 0.3,
"vendor": "squid",
"version": "3.2.0.1"
},
{
"model": "3.0.stable19",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "11"
},
{
"model": "3.0.stable10",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "web proxy 3.0.stable25",
"scope": null,
"trust": 0.3,
"vendor": "squid",
"version": null
},
{
"model": "3.0.stable16",
"scope": null,
"trust": 0.3,
"vendor": "squid cache",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3411"
},
{
"db": "BID",
"id": "49356"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004877"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-051"
},
{
"db": "NVD",
"id": "CVE-2011-3205"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.0.stable24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.0.stable16:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.0.stable11:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.0.stable10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.0.stable25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3205"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Secunia",
"sources": [
{
"db": "PACKETSTORM",
"id": "104550"
},
{
"db": "PACKETSTORM",
"id": "104920"
},
{
"db": "PACKETSTORM",
"id": "104911"
},
{
"db": "PACKETSTORM",
"id": "107145"
},
{
"db": "PACKETSTORM",
"id": "105010"
}
],
"trust": 0.5
},
"cve": "CVE-2011-3205",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2011-3205",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-3205",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201109-051",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-004877"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-051"
},
{
"db": "NVD",
"id": "CVE-2011-3205"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression. Squid is a proxy server and web cache server. Squid is flawed in parsing responses from the Gopher server. If the Gopher server returns more than 4096 bytes, it can trigger a buffer overflow. This overflow can cause memory corruption to generally cause Squid to crash. A malicious user must set up a fake Gopher server and forward the request through Squid. Successful exploitation of vulnerabilities allows arbitrary code to be executed in a server context. Squid Proxy is prone remote buffer-overflow vulnerability affects the Gopher-to-HTML functionality. Failed exploit attempts will result in a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- --------------------------------------------------------------------------\nDebian Security Advisory DSA-2304-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nSep 11, 2011 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : squid3\nVulnerability : buffer overflow\nProblem type : remote\nDebian-specific: no\nDebian bug : 639755\nCVE IDs : CVE-2011-3205\n\nBen Hawkes discovered that squid3, a full featured Web Proxy cache\n(HTTP proxy), is vulnerable to a buffer overflow when processing gopher\nserver replies. \n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 3.0.STABLE8-3+lenny5. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.1.6-1.2+squeeze1. \n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 3.1.15-1. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.1.15-1. \n\nWe recommend that you upgrade your squid3 packages. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: squid security update\nAdvisory ID: RHSA-2011:1293-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2011-1293.html\nIssue date: 2011-09-14\nCVE Names: CVE-2011-3205 \n=====================================================================\n\n1. Summary:\n\nAn updated squid package that fixes one security issue is now available for\nRed Hat Enterprise Linux 6. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\n\n3. Description:\n\nSquid is a high-performance proxy caching server for web clients,\nsupporting FTP, Gopher, and HTTP data objects. \n(CVE-2011-3205)\n\nUsers of squid should upgrade to this updated package, which contains a\nbackported patch to correct this issue. After installing this update, the\nsquid service will be restarted automatically. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Package List:\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/squid-3.1.10-1.el6_1.1.src.rpm\n\ni386:\nsquid-3.1.10-1.el6_1.1.i686.rpm\nsquid-debuginfo-3.1.10-1.el6_1.1.i686.rpm\n\nppc64:\nsquid-3.1.10-1.el6_1.1.ppc64.rpm\nsquid-debuginfo-3.1.10-1.el6_1.1.ppc64.rpm\n\ns390x:\nsquid-3.1.10-1.el6_1.1.s390x.rpm\nsquid-debuginfo-3.1.10-1.el6_1.1.s390x.rpm\n\nx86_64:\nsquid-3.1.10-1.el6_1.1.x86_64.rpm\nsquid-debuginfo-3.1.10-1.el6_1.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/squid-3.1.10-1.el6_1.1.src.rpm\n\ni386:\nsquid-3.1.10-1.el6_1.1.i686.rpm\nsquid-debuginfo-3.1.10-1.el6_1.1.i686.rpm\n\nx86_64:\nsquid-3.1.10-1.el6_1.1.x86_64.rpm\nsquid-debuginfo-3.1.10-1.el6_1.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3205.html\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2011 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFOcPqzXlSAg2UNWIIRAutlAJ9nlG0w3FNBVqFtxSNe10FKir/WkACeNQAA\nrDOr/svPTfi23jLvkODeYbk=\n=0hIH\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ----------------------------------------------------------------------\n\nThe Secunia CSI 5.0 Beta - now available for testing\nFind out more, take a free test drive, and share your opinion with us: \nhttp://secunia.com/blog/242 \n\n----------------------------------------------------------------------\n\nTITLE:\nSquid Gopher Response Processing Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA45805\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/45805/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45805\n\nRELEASE DATE:\n2011-08-30\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/45805/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/45805/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45805\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Squid, which can be exploited by\nmalicious people to cause a DoS (Denial of Service) or potentially\ncompromise a vulnerable system. \n\nThe vulnerability is caused due to a boundary error when processing\nGopher responses and can be exploited to cause a buffer overflow via\nan overly long string. \n\nThis is related to vulnerability #2 in:\nSA13825\n\nThe vulnerability is reported in versions 3.0.x prior to 3.0.STABLE25\nand 3.1.x prior to 3.1.14\n\nSOLUTION:\nUpdate to version 3.0.STABLE26 or 3.1.15. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Ben Hawkes, Google Security Team. \n\nORIGINAL ADVISORY:\nhttp://www.squid-cache.org/Advisories/SQUID-2011_3.txt\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. ----------------------------------------------------------------------\n\nThe new Secunia Corporate Software Inspector (CSI) 5.0 \nIntegrates with Microsoft WSUS \u0026 SCCM and supports Apple Mac OS X. This fixes a vulnerability,\nwhich can be exploited by malicious people to cause a DoS (Denial of\nService) or potentially compromise a vulnerable system. \n\nFor more information:\nSA45805\n\nSOLUTION:\nApply updated packages via the apt-get package manager. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201110-24\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Squid: Multiple vulnerabilities\n Date: October 26, 2011\n Bugs: #279379, #279380, #301828, #334263, #381065, #386215\n ID: 201110-24\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities were found in Squid allowing attackers to\nexecute arbitrary code or cause a Denial of Service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-proxy/squid \u003c 3.1.15 \u003e= 3.1.15\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Squid. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll squid users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-proxy/squid-3.1.15\"\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are\navailable since September 4, 2011. It is likely that your system is\nalready no longer affected by this issue. \n\nReferences\n==========\n\n[ 1 ] CVE-2009-2621\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2621\n[ 2 ] CVE-2009-2622\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2622\n[ 3 ] CVE-2009-2855\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2855\n[ 4 ] CVE-2010-0308\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0308\n[ 5 ] CVE-2010-0639\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0639\n[ 6 ] CVE-2010-2951\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2951\n[ 7 ] CVE-2010-3072\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3072\n[ 8 ] CVE-2011-3205\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3205\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201110-24.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3205"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004877"
},
{
"db": "CNVD",
"id": "CNVD-2011-3411"
},
{
"db": "BID",
"id": "49356"
},
{
"db": "PACKETSTORM",
"id": "105002"
},
{
"db": "PACKETSTORM",
"id": "105119"
},
{
"db": "PACKETSTORM",
"id": "104550"
},
{
"db": "PACKETSTORM",
"id": "104920"
},
{
"db": "PACKETSTORM",
"id": "104911"
},
{
"db": "PACKETSTORM",
"id": "107145"
},
{
"db": "PACKETSTORM",
"id": "105010"
},
{
"db": "PACKETSTORM",
"id": "106273"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-3205",
"trust": 3.0
},
{
"db": "BID",
"id": "49356",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "45805",
"trust": 2.3
},
{
"db": "SECUNIA",
"id": "45920",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "45906",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "46029",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "45965",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1025981",
"trust": 1.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2011/08/29/2",
"trust": 1.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2011/08/30/8",
"trust": 1.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2011/08/30/4",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "74847",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004877",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-3411",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201108-512",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201109-051",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "105002",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "105119",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "104550",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "104920",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "104911",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "107145",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "105010",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "106273",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3411"
},
{
"db": "BID",
"id": "49356"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004877"
},
{
"db": "PACKETSTORM",
"id": "105002"
},
{
"db": "PACKETSTORM",
"id": "105119"
},
{
"db": "PACKETSTORM",
"id": "104550"
},
{
"db": "PACKETSTORM",
"id": "104920"
},
{
"db": "PACKETSTORM",
"id": "104911"
},
{
"db": "PACKETSTORM",
"id": "107145"
},
{
"db": "PACKETSTORM",
"id": "105010"
},
{
"db": "PACKETSTORM",
"id": "106273"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-512"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-051"
},
{
"db": "NVD",
"id": "CVE-2011-3205"
}
]
},
"id": "VAR-201109-0081",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3411"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3411"
}
]
},
"last_update_date": "2024-07-22T23:14:00.068000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Buffer Overflow vulnerability in Squid",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2011_3205_buffer_overflow"
},
{
"title": "SQUID-2011:3",
"trust": 0.8,
"url": "http://www.squid-cache.org/advisories/squid-2011_3.txt"
},
{
"title": "Squid Gopher Answers Patch for Handling Buffer Overflow Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/4943"
},
{
"title": "Squid Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=234527"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3411"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004877"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-051"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-DesignError",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-004877"
},
{
"db": "NVD",
"id": "CVE-2011-3205"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/49356"
},
{
"trust": 2.0,
"url": "http://www.squid-cache.org/advisories/squid-2011_3.txt"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-september/065534.html"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2011/dsa-2304"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/46029"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"trust": 1.6,
"url": "http://openwall.com/lists/oss-security/2011/08/30/8"
},
{
"trust": 1.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=734583"
},
{
"trust": 1.6,
"url": "http://www.squid-cache.org/versions/v3/3.0/changesets/squid-3.0-9193.patch"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/45920"
},
{
"trust": 1.6,
"url": "http://www.squid-cache.org/versions/v3/3.2/changesets/squid-3.2-11294.patch"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2011:150"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/45965"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/45805"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/45906"
},
{
"trust": 1.6,
"url": "http://openwall.com/lists/oss-security/2011/08/30/4"
},
{
"trust": 1.6,
"url": "http://www.squid-cache.org/versions/v2/2.head/changesets/12710.patch"
},
{
"trust": 1.6,
"url": "http://www.squid-cache.org/versions/v3/3.1/changesets/squid-3.1-10363.patch"
},
{
"trust": 1.6,
"url": "http://openwall.com/lists/oss-security/2011/08/29/2"
},
{
"trust": 1.6,
"url": "http://securitytracker.com/id?1025981"
},
{
"trust": 1.6,
"url": "http://www.redhat.com/support/errata/rhsa-2011-1293.html"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/74847"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3205"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3205"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/45805/http"
},
{
"trust": 0.5,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.5,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.5,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.5,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.5,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.5,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.3,
"url": "http://blogs.oracle.com/sunsecurity/entry/cve_2011_3205_buffer_overflow"
},
{
"trust": 0.3,
"url": "http://www.squid-cache.org/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3205"
},
{
"trust": 0.3,
"url": "http://secunia.com/blog/242"
},
{
"trust": 0.2,
"url": "https://rhn.redhat.com/errata/rhsa-2011-1293.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3205.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/kb/docs/doc-11259"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.1,
"url": "http://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/45805/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/45805/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45805"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/45920/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/45920/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45920"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45906"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/45906/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/45906/"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/jobs/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/46029/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/46029/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46029"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/trial/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/45965/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45965"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/45965/#comments"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0308"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2951"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0308"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0639"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2951"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3072"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2855"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201110-24.xml"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2621"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2855"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2622"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0639"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2622"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3072"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3411"
},
{
"db": "BID",
"id": "49356"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004877"
},
{
"db": "PACKETSTORM",
"id": "105002"
},
{
"db": "PACKETSTORM",
"id": "105119"
},
{
"db": "PACKETSTORM",
"id": "104550"
},
{
"db": "PACKETSTORM",
"id": "104920"
},
{
"db": "PACKETSTORM",
"id": "104911"
},
{
"db": "PACKETSTORM",
"id": "107145"
},
{
"db": "PACKETSTORM",
"id": "105010"
},
{
"db": "PACKETSTORM",
"id": "106273"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-512"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-051"
},
{
"db": "NVD",
"id": "CVE-2011-3205"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2011-3411"
},
{
"db": "BID",
"id": "49356"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004877"
},
{
"db": "PACKETSTORM",
"id": "105002"
},
{
"db": "PACKETSTORM",
"id": "105119"
},
{
"db": "PACKETSTORM",
"id": "104550"
},
{
"db": "PACKETSTORM",
"id": "104920"
},
{
"db": "PACKETSTORM",
"id": "104911"
},
{
"db": "PACKETSTORM",
"id": "107145"
},
{
"db": "PACKETSTORM",
"id": "105010"
},
{
"db": "PACKETSTORM",
"id": "106273"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-512"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-051"
},
{
"db": "NVD",
"id": "CVE-2011-3205"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-08-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3411"
},
{
"date": "2011-08-29T00:00:00",
"db": "BID",
"id": "49356"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-004877"
},
{
"date": "2011-09-12T14:44:49",
"db": "PACKETSTORM",
"id": "105002"
},
{
"date": "2011-09-14T22:52:18",
"db": "PACKETSTORM",
"id": "105119"
},
{
"date": "2011-08-29T05:10:22",
"db": "PACKETSTORM",
"id": "104550"
},
{
"date": "2011-09-08T08:14:56",
"db": "PACKETSTORM",
"id": "104920"
},
{
"date": "2011-09-08T08:14:29",
"db": "PACKETSTORM",
"id": "104911"
},
{
"date": "2011-11-19T11:11:14",
"db": "PACKETSTORM",
"id": "107145"
},
{
"date": "2011-09-13T05:45:01",
"db": "PACKETSTORM",
"id": "105010"
},
{
"date": "2011-10-26T23:33:14",
"db": "PACKETSTORM",
"id": "106273"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201108-512"
},
{
"date": "2011-09-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-051"
},
{
"date": "2011-09-06T15:55:08.383000",
"db": "NVD",
"id": "CVE-2011-3205"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-08-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3411"
},
{
"date": "2015-05-07T17:11:00",
"db": "BID",
"id": "49356"
},
{
"date": "2012-04-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-004877"
},
{
"date": "2011-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201108-512"
},
{
"date": "2023-04-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-051"
},
{
"date": "2023-11-07T02:08:27.883000",
"db": "NVD",
"id": "CVE-2011-3205"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "105119"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-512"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-051"
}
],
"trust": 1.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gopher of gopherToHTML Buffer overflow vulnerability in functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-004877"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201108-512"
}
],
"trust": 0.6
}
}