FKIE_CVE-2009-0478

Vulnerability from fkie_nvd - Published: 2009-02-08 22:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html
cve@mitre.orghttp://secunia.com/advisories/33731Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/34467Vendor Advisory
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200903-38.xml
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2009:034
cve@mitre.orghttp://www.securityfocus.com/archive/1/500653/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/33604Exploit, Patch
cve@mitre.orghttp://www.securitytracker.com/id?1021684
cve@mitre.orghttp://www.squid-cache.org/Advisories/SQUID-2009_1.txtVendor Advisory
cve@mitre.orghttp://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patchVendor Advisory
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=484246
cve@mitre.orghttps://www.exploit-db.com/exploits/8021
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33731Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34467Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200903-38.xml
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2009:034
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/500653/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/33604Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1021684
af854a3a-2127-422b-91ae-364da2661108http://www.squid-cache.org/Advisories/SQUID-2009_1.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patchVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=484246
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/8021
Impacted products
Vendor Product Version
squid squid 2.7.stable1
squid squid 2.7.stable2
squid squid 2.7.stable3
squid squid 2.7.stable4
squid squid 2.7.stable5
squid squid 3.0.stable1
squid squid 3.0.stable2
squid squid 3.0.stable3
squid squid 3.0.stable4
squid squid 3.0.stable5
squid squid 3.0.stable6
squid squid 3.0.stable7
squid squid 3.0.stable8
squid squid 3.0.stable9
squid squid 3.0.stable10
squid squid 3.0.stable11
squid squid 3.0.stable12
squid squid 3.1
squid squid 3.1.0.1
squid squid 3.1.0.2
squid squid 3.1.0.3
squid squid 3.1.0.4
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:squid:squid:2.7.stable1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CDD4129-3F89-4833-8789-4568CAE3B646",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid:squid:2.7.stable2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFF2ED3A-B88A-49EE-9565-56C726447882",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid:squid:2.7.stable3:*:*:*:*:*:*:*",
              "matchCriteriaId": "42579A3F-EDD8-44F7-9436-1B386FDC604E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid:squid:2.7.stable4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C689CFA4-A9F3-4B8B-80CB-F948E8C32C0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid:squid:2.7.stable5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E503C019-4E96-4D4F-B9BD-327E3C22DE52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid:squid:3.0.stable1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D53774A-4523-4C9F-8FDF-BF39C4F32C0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid:squid:3.0.stable2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBA0CA70-79A0-4AC6-ADE3-99DCE8FB09BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid:squid:3.0.stable3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4048B18-219C-4D23-979B-C32A4F84E088",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid:squid:3.0.stable4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CBD6F80-63F1-4B6D-BBCD-240D8A18C429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid:squid:3.0.stable5:*:*:*:*:*:*:*",
              "matchCriteriaId": "60A83314-4628-4352-BE10-89ED4B228E34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid:squid:3.0.stable6:*:*:*:*:*:*:*",
              "matchCriteriaId": "81FD6F1C-ECE2-4ADA-8230-49500AE0AB32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid:squid:3.0.stable7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B7A5792-DAD0-4E84-90EB-E92873DB763C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid:squid:3.0.stable8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F2786AA-F9B6-4825-9C2E-9548D6D2A3F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid:squid:3.0.stable9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BB49168-03B3-43D5-9076-6FE206EF42A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid:squid:3.0.stable10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6CF222F-1A8E-4351-BBD4-5BC39B5BF2FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid:squid:3.0.stable11:*:*:*:*:*:*:*",
              "matchCriteriaId": "38092277-47D4-4B83-BF32-DE595CDE7B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid:squid:3.0.stable12:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6ED346B-D762-481D-92FA-260C2C5A915A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid:squid:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "73060F28-ABCE-4428-8F12-772E4D312DC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid:squid:3.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A006818-7901-4391-BFF7-9AD1AF8DAFCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid:squid:3.1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BF28EA4-2847-4176-81C1-C7A2007D14E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid:squid:3.1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FAD9B4B-0856-458B-AB21-15D0420A7F67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid:squid:3.1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "54E9F64C-363B-4702-996F-14F66450D6B2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c."
    },
    {
      "lang": "es",
      "value": "Squid versiones 2.7 hasta 2.7.STABLE5, versiones 3.0 hasta 3.0.STABLE12 y versiones 3.1 hasta 3.1.0.4, permiten a los atacantes remotos causar una denegaci\u00f3n de servicio por medio de una petici\u00f3n HTTP con un n\u00famero de versi\u00f3n no v\u00e1lido, lo que desencadena una aserci\u00f3n accesible en los archivos (1) HttpMsg.c y (2) HttpStatusLine.c."
    }
  ],
  "id": "CVE-2009-0478",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-02-08T22:30:00.360",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33731"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34467"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200903-38.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:034"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/500653/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/33604"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1021684"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.squid-cache.org/Advisories/SQUID-2009_1.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=484246"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/8021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33731"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34467"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200903-38.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/500653/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/33604"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021684"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.squid-cache.org/Advisories/SQUID-2009_1.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=484246"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/8021"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable. This issue did not affect the version of Squid as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.",
      "lastModified": "2009-02-09T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.