Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P
Vendors Products
Squid
  • Squid

Configuration 1 [-]

OR cpe:2.3:a:squid:squid:2.7.stable1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.7.stable2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.7.stable3:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.7.stable4:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.7.stable5:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:3.0.stable1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:3.0.stable2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:3.0.stable3:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:3.0.stable4:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:3.0.stable5:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:3.0.stable6:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:3.0.stable7:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:3.0.stable8:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:3.0.stable9:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:3.0.stable10:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:3.0.stable11:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:3.0.stable12:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:3.1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:3.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:3.1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:3.1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:3.1.0.4:*:*:*:*:*:*:*
References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html
http://secunia.com/advisories/33731 Vendor Advisory
http://secunia.com/advisories/34467 Vendor Advisory
http://security.gentoo.org/glsa/glsa-200903-38.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:034
http://www.securityfocus.com/archive/1/500653/100/0/threaded
http://www.securityfocus.com/bid/33604 Exploit Patch
http://www.securitytracker.com/id?1021684
http://www.squid-cache.org/Advisories/SQUID-2009_1.txt Vendor Advisory
http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=484246
https://www.exploit-db.com/exploits/8021
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2009-02-08T22:00:00

Updated: 2018-10-11T19:57:01

Reserved: 2009-02-08T00:00:00

Link: CVE-2009-0478

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2009-02-08T22:30:00.360

Modified: 2018-10-11T21:01:49.527

Link: CVE-2009-0478

JSON object: View

cve-icon Redhat Information

No data.

CWE