CVE-2009-2855

Name of the Vulnerable Software and Affected Versions Squid version 2.7

Description The issue is related to the strListGetItem function in src/HttpHeaderTools.c, which allows remote attackers to cause a denial of service. This is achieved through a crafted auth header containing certain comma delimiters, triggering an infinite loop of calls to the strcspn function.

Recommendations For Squid version 2.7, consider applying a patch or fix that addresses the infinite loop issue in the strListGetItem function to prevent denial of service attacks. As a temporary workaround, consider restricting access to auth headers to minimize the risk of exploitation.