CVE-2006-0046 - OpenCVE

squid_redirect script in adzapper before 2006-01-29 allows remote attackers to cause a denial of service (CPU consumption) via a URL with a large number of trailing / (forward slashes), which might produce inefficient regular expressions.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Cameron Simpson	Adzapper

Configuration 1 [-]

OR	cpe:2.3:a:cameron_simpson:adzapper:2006-01-01:::::::*
	cpe:2.3:a:cameron_simpson:adzapper:2006-01-05:::::::*
	cpe:2.3:a:cameron_simpson:adzapper:2006-01-07:::::::*
	cpe:2.3:a:cameron_simpson:adzapper:2006-01-14:::::::*
	cpe:2.3:a:cameron_simpson:adzapper:2006-01-15:::::::*
	cpe:2.3:a:cameron_simpson:adzapper:2006-01-23:::::::*
	cpe:2.3:a:cameron_simpson:adzapper:2006-01-24:::::::*
	cpe:2.3:a:cameron_simpson:adzapper:2006-01-25:::::::*
	cpe:2.3:a:cameron_simpson:adzapper:2006-01-28:::::::*
	cpe:2.3:a:cameron_simpson:adzapper:2006-01-29:::::::*

References

Link	Resource
http://adzapper.sourceforge.net/cvslog.html
http://bugs.debian.org/cgi-bin/bugreport.cgi/squid_redirect.diff?bug=350308%3Bmsg=5%3Batt=1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=350308
http://secunia.com/advisories/18771	Patch Vendor Advisory
http://secunia.com/advisories/18777	Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-966	Patch Vendor Advisory
http://www.osvdb.org/22900
http://www.securityfocus.com/bid/16558
http://www.vupen.com/english/advisories/2006/0491
https://exchange.xforce.ibmcloud.com/vulnerabilities/24640

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: debian

Published: 2006-02-13T11:00:00

Updated: 2017-07-19T15:57:01

Reserved: 2005-12-28T00:00:00

Link: CVE-2006-0046

JSON object: View

NVD Information

Status : Modified

Published: 2006-02-13T11:06:00.000

Modified: 2023-11-07T01:58:17.473

Link: CVE-2006-0046

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-01-29T00:00:00", "descriptions": [{"lang": "en", "value": "squid_redirect script in adzapper before 2006-01-29 allows remote attackers to cause a denial of service (CPU consumption) via a URL with a large number of trailing / (forward slashes), which might produce inefficient regular expressions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"name": "ADV-2006-0491", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/0491"}, {"name": "18771", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18771"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://adzapper.sourceforge.net/cvslog.html"}, {"name": "18777", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18777"}, {"name": "16558", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/16558"}, {"name": "DSA-966", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2006/dsa-966"}, {"name": "adzapper-squid-redirect-dos(24640)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24640"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=350308"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi/squid_redirect.diff?bug=350308%3Bmsg=5%3Batt=1"}, {"name": "22900", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/22900"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "ID": "CVE-2006-0046", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "squid_redirect script in adzapper before 2006-01-29 allows remote attackers to cause a denial of service (CPU consumption) via a URL with a large number of trailing / (forward slashes), which might produce inefficient regular expressions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2006-0491", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0491"}, {"name": "18771", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18771"}, {"name": "http://adzapper.sourceforge.net/cvslog.html", "refsource": "CONFIRM", "url": "http://adzapper.sourceforge.net/cvslog.html"}, {"name": "18777", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18777"}, {"name": "16558", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16558"}, {"name": "DSA-966", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-966"}, {"name": "adzapper-squid-redirect-dos(24640)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24640"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=350308", "refsource": "MISC", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=350308"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi/squid_redirect.diff?bug=350308;msg=5;att=1", "refsource": "MISC", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi/squid_redirect.diff?bug=350308;msg=5;att=1"}, {"name": "22900", "refsource": "OSVDB", "url": "http://www.osvdb.org/22900"}]}}}}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2006-0046", "datePublished": "2006-02-13T11:00:00", "dateReserved": "2005-12-28T00:00:00", "dateUpdated": "2017-07-19T15:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cameron_simpson:adzapper:2006-01-01:*:*:*:*:*:*:*", "matchCriteriaId": "20DEB2CA-D5BE-4845-9BDF-7B2249167177", "vulnerable": true}, {"criteria": "cpe:2.3:a:cameron_simpson:adzapper:2006-01-05:*:*:*:*:*:*:*", "matchCriteriaId": "E27B4924-3FF2-4FB9-AF44-EA8B44721343", "vulnerable": true}, {"criteria": "cpe:2.3:a:cameron_simpson:adzapper:2006-01-07:*:*:*:*:*:*:*", "matchCriteriaId": "16454B8B-017D-4B6A-8320-E0102700B227", "vulnerable": true}, {"criteria": "cpe:2.3:a:cameron_simpson:adzapper:2006-01-14:*:*:*:*:*:*:*", "matchCriteriaId": "77B5E582-F139-4EC9-8749-45E696CEE7C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cameron_simpson:adzapper:2006-01-15:*:*:*:*:*:*:*", "matchCriteriaId": "A7403CC7-2865-44E9-B621-07ED028DC511", "vulnerable": true}, {"criteria": "cpe:2.3:a:cameron_simpson:adzapper:2006-01-23:*:*:*:*:*:*:*", "matchCriteriaId": "174EC224-7498-4974-907F-3A63DD720D58", "vulnerable": true}, {"criteria": "cpe:2.3:a:cameron_simpson:adzapper:2006-01-24:*:*:*:*:*:*:*", "matchCriteriaId": "C8DF468E-1D9E-47B2-BC92-B37F77B8469F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cameron_simpson:adzapper:2006-01-25:*:*:*:*:*:*:*", "matchCriteriaId": "CD41FE19-CA35-4E54-BF80-4DCF00CD89FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cameron_simpson:adzapper:2006-01-28:*:*:*:*:*:*:*", "matchCriteriaId": "F6B26B0D-26A5-4757-A8C2-6DEE728107BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cameron_simpson:adzapper:2006-01-29:*:*:*:*:*:*:*", "matchCriteriaId": "17E5E0B2-EF17-4A8B-BEC5-B1E80DF2EFBA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "squid_redirect script in adzapper before 2006-01-29 allows remote attackers to cause a denial of service (CPU consumption) via a URL with a large number of trailing / (forward slashes), which might produce inefficient regular expressions."}], "id": "CVE-2006-0046", "lastModified": "2023-11-07T01:58:17.473", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-02-13T11:06:00.000", "references": [{"source": "security@debian.org", "url": "http://adzapper.sourceforge.net/cvslog.html"}, {"source": "security@debian.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi/squid_redirect.diff?bug=350308%3Bmsg=5%3Batt=1"}, {"source": "security@debian.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=350308"}, {"source": "security@debian.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/18771"}, {"source": "security@debian.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/18777"}, {"source": "security@debian.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.debian.org/security/2006/dsa-966"}, {"source": "security@debian.org", "url": "http://www.osvdb.org/22900"}, {"source": "security@debian.org", "url": "http://www.securityfocus.com/bid/16558"}, {"source": "security@debian.org", "url": "http://www.vupen.com/english/advisories/2006/0491"}, {"source": "security@debian.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24640"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}