PT-2014-1707 · Squid+5 · Squid+6

Matthew Daley

Publicado

2014-03-16

Atualizado

2017-01-07

CVE-2014-3609

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Squid versions 3.x prior to 3.3.12 Squid versions 3.4.x prior to 3.4.6

Description The issue allows remote attackers to cause a denial of service, potentially leading to disruption of protected information availability. This can be achieved through a request containing specially crafted Range headers with unidentifiable byte-range values, affecting the HttpHdrRange.cc component in Squid.

Recommendations For Squid versions 3.x prior to 3.3.12, update to version 3.3.12 or later. For Squid versions 3.4.x prior to 3.4.6, update to version 3.4.6 or later. As a temporary workaround, consider restricting access to the HttpHdrRange.cc component to minimize the risk of exploitation.

Exploit

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2014-1298

ALT-PU-2014-1531

ALT-PU-2014-1824

BDU:2015-00690

BDU:2015-04283

CESA-2014_1147

CESA-2014_1148

CVE-2014-3609

DLA-216-1

DLA-45-1

DSA-3014-1

DSA-3139-1

MGASA-2014-0369

RHSA-2014:1147

RHSA-2014:1148

RHSA-2014_1147

RHSA-2014_1148

SUSE-SU-2014_1140-1

USN-2327-1

Produtos afetados

Alt Linux

Centos

Red Hat

Squid

Squid Cache

Suse

Ubuntu

PT-2014-1707 · Squid+5 · Squid+6

CVE-2014-3609

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 78