Test Kennung:	1.3.6.1.4.1.25623.1.0.101105
Kategorie:	Denial of Service
Titel:	Squid < 3.1.4 External Auth Header Parser DoS Vulnerabilities
Zusammenfassung:	Squid is prone to multiple denial of service (DoS); vulnerabilities.
Beschreibung:	Summary: Squid is prone to multiple denial of service (DoS) vulnerabilities. Vulnerability Insight: The flaw is due to error in 'strListGetItem()' function within 'src/HttpHeaderTools.c'. Vulnerability Impact: Successful exploitation could allow remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function. Affected Software/OS: Squid version 2.7.x. Solution: Update to version 3.1.4 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2855 BugTraq ID: 36091 http://www.securityfocus.com/bid/36091 http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31;filename=diff;att=1;bug=534982 http://www.squid-cache.org/bugs/show_bug.cgi?id=2704 http://www.openwall.com/lists/oss-security/2009/07/20/10 http://www.openwall.com/lists/oss-security/2009/08/03/3 http://www.openwall.com/lists/oss-security/2009/08/04/6 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10592 http://www.securitytracker.com/id?1022757 XForce ISS Database: squid-strlistgetitem-dos(52610) https://exchange.xforce.ibmcloud.com/vulnerabilities/52610
Copyright	Copyright (C) 2009 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.