PT-2009-3132 · Squid · Squid+1

Praveen Darshanam · Published 2009-02-08 · Updated 2018-10-11 · CVE-2009-0478

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Squid versions 2.7 through 2.7.STABLE5
Squid versions 3.0 through 3.0.STABLE12
Squid versions 3.1 through 3.1.0.4

Description

The issue allows remote attackers to cause a denial of service via an HTTP request with an invalid version number. This triggers a reachable assertion in files such as HttpMsg.c and HttpStatusLine.c.

Recommendations

For Squid versions 2.7 through 2.7.STABLE5, update to a version outside of this range to resolve the issue.
For Squid versions 3.0 through 3.0.STABLE12, update to a version outside of this range to resolve the issue.
For Squid versions 3.1 through 3.1.0.4, update to a version outside of this range to resolve the issue.

Exploit

Fix

DoS

RCE

Weakness Enumeration

Related identifiers

CVE-2009-0478
DSA-1732-1

Affected products

Squid
Squid Cache