Denial of Service : Squid 4.0.1 < 4.14, 5.0.1 < 5.0.5 DoS Vulnerability (GHSA-jjq6-mh2h-g39h, SQUID-2021:2)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.146029

Categoría: Denial of Service

Título: Squid 4.0.1 < 4.14, 5.0.1 < 5.0.5 DoS Vulnerability (GHSA-jjq6-mh2h-g39h, SQUID-2021:2)

Resumen: Squid is prone to a denial of service (DoS) vulnerability.

Descripción: Summary:
Squid is prone to a denial of service (DoS) vulnerability.

Vulnerability Insight:
Due to an input validation bug Squid is vulnerable to a DoS
against all clients using the proxy.

This problem allows a remote server to perform a DoS when delivering HTTP Response messages. The
issue trigger is a header which can be expected to exist in HTTP traffic without any malicious
intent by the server.

This flaw was part of the 'Squid Caching Proxy Security Audit: 55 vulnerabilities and 35 0days'
publication in October 2023 and filed as 'Vary: Other HTTP Response Assertion Crash'.

Affected Software/OS:
Squid version 4.0.1 through 4.14 and 5.0.1 through 5.0.5.

Solution:
Update to version 4.15, 5.0.6 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2021-28662
Debian Security Information: DSA-4924 (Google Search)
https://www.debian.org/security/2021/dsa-4924
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/
http://seclists.org/fulldisclosure/2023/Oct/14
http://www.squid-cache.org/Versions/v6/changesets/squid-6-051824924c709bd6162a378f746fb859454c674e.patch
https://github.com/squid-cache/squid/commit/051824924c709bd6162a378f746fb859454c674e
https://github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h
http://www.openwall.com/lists/oss-security/2023/10/11/3

Copyright Copyright (C) 2021 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.146029
Categoría:	Denial of Service
Título:	Squid 4.0.1 < 4.14, 5.0.1 < 5.0.5 DoS Vulnerability (GHSA-jjq6-mh2h-g39h, SQUID-2021:2)
Resumen:	Squid is prone to a denial of service (DoS) vulnerability.
Descripción:	Summary: Squid is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: Due to an input validation bug Squid is vulnerable to a DoS against all clients using the proxy. This problem allows a remote server to perform a DoS when delivering HTTP Response messages. The issue trigger is a header which can be expected to exist in HTTP traffic without any malicious intent by the server. This flaw was part of the 'Squid Caching Proxy Security Audit: 55 vulnerabilities and 35 0days' publication in October 2023 and filed as 'Vary: Other HTTP Response Assertion Crash'. Affected Software/OS: Squid version 4.0.1 through 4.14 and 5.0.1 through 5.0.5. Solution: Update to version 4.15, 5.0.6 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-28662 Debian Security Information: DSA-4924 (Google Search) https://www.debian.org/security/2021/dsa-4924 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/ http://seclists.org/fulldisclosure/2023/Oct/14 http://www.squid-cache.org/Versions/v6/changesets/squid-6-051824924c709bd6162a378f746fb859454c674e.patch https://github.com/squid-cache/squid/commit/051824924c709bd6162a378f746fb859454c674e https://github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h http://www.openwall.com/lists/oss-security/2023/10/11/3
Copyright	Copyright (C) 2021 Greenbone AG