PT-2013-2153 · Squid

Published: 2013-02-08 · Updated: 2023-02-13 · CVE-2013-0189

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Squid versions 3.1.x through 3.2.x
Squid version 3.1.22
Squid version 3.2.4

Description

The issue allows remote attackers to cause a denial of service, specifically resource consumption, via a crafted request. This problem is due to an incorrect fix, possibly involving an incorrect order of arguments or an incorrect comparison.

Recommendations

For Squid versions 3.1.x through 3.2.x, including versions 3.1.22 and 3.2.4, consider restricting access to cachemgr.cgi until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2013-0189
DSA-2631-1

Affected Products

Squid
Squid Cache
Suse