Vulnerabilites related to squid - squid
Vulnerability from fkie_nvd
Published
2009-02-08 22:30
Modified
2025-04-09 00:30
Severity ?
Summary
Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.7.stable1 | |
| squid | squid | 2.7.stable2 | |
| squid | squid | 2.7.stable3 | |
| squid | squid | 2.7.stable4 | |
| squid | squid | 2.7.stable5 | |
| squid | squid | 3.0.stable1 | |
| squid | squid | 3.0.stable2 | |
| squid | squid | 3.0.stable3 | |
| squid | squid | 3.0.stable4 | |
| squid | squid | 3.0.stable5 | |
| squid | squid | 3.0.stable6 | |
| squid | squid | 3.0.stable7 | |
| squid | squid | 3.0.stable8 | |
| squid | squid | 3.0.stable9 | |
| squid | squid | 3.0.stable10 | |
| squid | squid | 3.0.stable11 | |
| squid | squid | 3.0.stable12 | |
| squid | squid | 3.1 | |
| squid | squid | 3.1.0.1 | |
| squid | squid | 3.1.0.2 | |
| squid | squid | 3.1.0.3 | |
| squid | squid | 3.1.0.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.7.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "1CDD4129-3F89-4833-8789-4568CAE3B646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.7.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "FFF2ED3A-B88A-49EE-9565-56C726447882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.7.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "42579A3F-EDD8-44F7-9436-1B386FDC604E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.7.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "C689CFA4-A9F3-4B8B-80CB-F948E8C32C0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.7.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "E503C019-4E96-4D4F-B9BD-327E3C22DE52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D53774A-4523-4C9F-8FDF-BF39C4F32C0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "CBA0CA70-79A0-4AC6-ADE3-99DCE8FB09BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "E4048B18-219C-4D23-979B-C32A4F84E088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "4CBD6F80-63F1-4B6D-BBCD-240D8A18C429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "60A83314-4628-4352-BE10-89ED4B228E34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "81FD6F1C-ECE2-4ADA-8230-49500AE0AB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7A5792-DAD0-4E84-90EB-E92873DB763C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "7F2786AA-F9B6-4825-9C2E-9548D6D2A3F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB49168-03B3-43D5-9076-6FE206EF42A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable10:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CF222F-1A8E-4351-BBD4-5BC39B5BF2FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable11:*:*:*:*:*:*:*",
"matchCriteriaId": "38092277-47D4-4B83-BF32-DE595CDE7B2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0.stable12:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ED346B-D762-481D-92FA-260C2C5A915A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73060F28-ABCE-4428-8F12-772E4D312DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A006818-7901-4391-BFF7-9AD1AF8DAFCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4BF28EA4-2847-4176-81C1-C7A2007D14E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAD9B4B-0856-458B-AB21-15D0420A7F67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "54E9F64C-363B-4702-996F-14F66450D6B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c."
},
{
"lang": "es",
"value": "Squid versiones 2.7 hasta 2.7.STABLE5, versiones 3.0 hasta 3.0.STABLE12 y versiones 3.1 hasta 3.1.0.4, permiten a los atacantes remotos causar una denegaci\u00f3n de servicio por medio de una petici\u00f3n HTTP con un n\u00famero de versi\u00f3n no v\u00e1lido, lo que desencadena una aserci\u00f3n accesible en los archivos (1) HttpMsg.c y (2) HttpStatusLine.c."
}
],
"id": "CVE-2009-0478",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-02-08T22:30:00.360",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33731"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34467"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200903-38.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:034"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/500653/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/33604"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021684"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2009_1.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=484246"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/8021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200903-38.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/500653/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/33604"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021684"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2009_1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=484246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/8021"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. This issue did not affect the version of Squid as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.",
"lastModified": "2009-02-09T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-11 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01315F91-D843-49EC-81B2-0FDDD95E0789",
"versionEndIncluding": "2.5_stable9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups."
}
],
"id": "CVE-2005-1519",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-11T04:00:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/15294"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2005/dsa-751"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2005-489.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/13592"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2005/0521"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/15294"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-489.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/13592"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/0521"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9976"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-26 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74F11907-5BBD-450F-B338-34013E58E0D8",
"versionEndIncluding": "2.4.stable6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user\u0027s proxy login and password."
}
],
"id": "CVE-2002-0715",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-26T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/9478.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5154"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/9478.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.0.patch1 | |
| squid | squid | 2.0.patch2 | |
| squid | squid | 2.0.pre1 | |
| squid | squid | 2.0.release | |
| squid | squid | 2.1.patch1 | |
| squid | squid | 2.1.patch2 | |
| squid | squid | 2.1.pre1 | |
| squid | squid | 2.1.pre3 | |
| squid | squid | 2.1.pre4 | |
| squid | squid | 2.1.release | |
| squid | squid | 2.2.devel3 | |
| squid | squid | 2.2.devel4 | |
| squid | squid | 2.2.pre1 | |
| squid | squid | 2.2.pre2 | |
| squid | squid | 2.2.stable1 | |
| squid | squid | 2.2.stable2 | |
| squid | squid | 2.2.stable3 | |
| squid | squid | 2.2.stable4 | |
| squid | squid | 2.2.stable5 | |
| squid | squid | 2.3.devel2 | |
| squid | squid | 2.3.devel3 | |
| squid | squid | 2.3.stable1 | |
| squid | squid | 2.3.stable2 | |
| squid | squid | 2.3.stable3 | |
| squid | squid | 2.3.stable4 | |
| squid | squid | 2.3.stable5 | |
| squid | squid | 2.4.stable1 | |
| squid | squid | 2.4.stable2 | |
| squid | squid | 2.4.stable3 | |
| squid | squid | 2.4.stable4 | |
| squid | squid | 2.4.stable6 | |
| squid | squid | 2.4.stable7 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B0771FC-F8FB-4065-B6E1-EA21ECE77AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B81A56D-3F2E-455B-A960-69728437B31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA7799D4-7B04-463B-BA19-AE36CD9DD694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.release:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8093EE-AA6A-4E2C-A891-163A42EA89EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "3655286B-D44A-4DCB-8DF4-D45A36398933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAFDCE5E-6D74-4E13-B830-E412C33EF337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "E71F3AC2-E633-41D2-B49B-A92E5FB974F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "87284115-14F4-4FB6-A8D9-7C7A3B5151E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB618BD-9C6D-458D-A521-FE436C428A90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.release:*:*:*:*:*:*:*",
"matchCriteriaId": "C8717751-A250-49F6-97E9-C14C8A44E550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "D360F838-C65C-4E76-B460-ADE1AB7657C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel4:*:*:*:*:*:*:*",
"matchCriteriaId": "67618D3A-9C74-4701-B42F-385E0221D75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "C501D54D-5294-4BFD-9858-BE70C411B928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "19CB5358-7833-4D1E-8F22-CB2714E36F3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2265D309-4E50-45A3-A884-9F1FA361D453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "45663027-1EFD-415A-8AB3-BCE544F4AD9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "A38EAAEE-BAB5-42EC-B171-93D9E32AC6AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9E1D6A-2C46-4062-87B2-726FCC5967B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "38D24DCC-6C2A-466A-B59F-3D07F62175D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC7B751-34D9-4BBB-8608-97823E5F5F93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "DADF48B4-C9DA-41B7-9124-882ADF625F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "446879FE-02A7-4576-A726-6E7C918C4E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F495D6-7734-411D-B527-14C74A345E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5EFA76EB-C5A5-4652-8EF1-66E2B061BE3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB6D7E3-697C-4AA9-9925-371AB99CA395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2DD635-BB74-4311-9E62-0DFAEB8DC121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E006EBC-5624-4AEE-85A8-10E33FCB20A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8DC1BE-EA6C-41B8-9D50-AACE2F2BA424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "155CB225-3F1B-4841-90F7-49C4CF90B1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "21905542-2429-4695-B253-AEC648B0BB9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "317FED1B-9C39-40E5-980D-C5ED808D8FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "48242DB9-5EB2-4C95-A944-C52B798A32A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings."
}
],
"id": "CVE-2005-0194",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110901183320453\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/260421"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110901183320453\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/260421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1166"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-04-01 17:44
Modified
2025-04-09 00:30
Severity ?
Summary
The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable17:*:*:*:*:*:*:*",
"matchCriteriaId": "C8585F22-39CB-46E1-B247-377C5C60AB47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239."
},
{
"lang": "es",
"value": "La funci\u00f3n arrayShrink (lib/Array.c) en Squid 2.6.STABLE17 permite a atacantes provocar una denegaci\u00f3n de servicio (terminaci\u00f3n del proceso) a trav\u00e9s de vectores desconocidos que provocan que un array se inicialice a 0 entradas, lo cual dispara un error de confirmaci\u00f3n. NOTA: este problema se debe a un parche incompleto para CVE-2007-6239."
}
],
"id": "CVE-2008-1612",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-04-01T17:44:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=squid-announce\u0026m=120614453813157\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/27477"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/29813"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/30032"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/32109"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/34467"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200903-38.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2008/dsa-1646"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:134"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2008/04/01/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0214.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/28693"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2007_2.txt"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-601-1"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41586"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11376"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00560.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=squid-announce\u0026m=120614453813157\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27477"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29813"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200903-38.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1646"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:134"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/04/01/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0214.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28693"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2007_2.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-601-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11376"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00560.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-26 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74F11907-5BBD-450F-B338-34013E58E0D8",
"versionEndIncluding": "2.4.stable6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated."
}
],
"id": "CVE-2002-0713",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-26T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/9480.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/9481.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/9482.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5155"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5156"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5157"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/9480.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/9481.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/9482.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5156"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-10-27 10:02
Modified
2025-04-03 01:03
Severity ?
Summary
Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.6.stable1 | |
| suse | suse_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "24D590FB-2759-475E-8136-1B15352605EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL)."
}
],
"id": "CVE-2005-3322",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-10-27T10:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15165"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor's bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "8029358E-A209-4570-8ECE-57920C88E72E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor\u0027s bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5."
}
],
"id": "CVE-2004-2654",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12508"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12754"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1011214"
},
{
"source": "cve@mitre.org",
"url": "http://www.attrition.org/pipermail/vim/2006-February/000570.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/9801"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitylab.ru/47881.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=972"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1011214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.attrition.org/pipermail/vim/2006-February/000570.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/9801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitylab.ru/47881.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=972"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. This issue only affected 2.5 STABLE4 and 2.5 STABLE5 versions of Squid and does not affect the versions of Squid distributed with Red Hat Enterprise Linux.",
"lastModified": "2006-08-30T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-03-08 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "169C4A52-3191-423A-97C9-0E86A8D8160E",
"versionEndIncluding": "2.4_stable_2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*",
"matchCriteriaId": "344610A8-DB6D-4407-9304-916C419F648C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:i386:*:*:*:*:*",
"matchCriteriaId": "B7EC2B95-4715-4EC9-A10A-2542501F8A61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*",
"matchCriteriaId": "64775BEF-2E53-43CA-8639-A7E54F6F4222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.0:*:alpha:*:*:*:*:*",
"matchCriteriaId": "FD6576E2-9F26-4857-9F28-F51899F1EF48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.0:*:i386:*:*:*:*:*",
"matchCriteriaId": "4DC9842D-E23B-4B9F-A7BF-57C3BA3DE398",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.1:*:alpha:*:*:*:*:*",
"matchCriteriaId": "7F3FAAB3-7A8A-42E5-9DCE-E4A843CED1B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.1:*:i386:*:*:*:*:*",
"matchCriteriaId": "C8783A6D-DFD8-45DD-BF03-570B1B012B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.1:*:ia64:*:*:*:*:*",
"matchCriteriaId": "ED36543D-C21B-4B4B-A6AD-6E19B08B5DD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.2:*:i386:*:*:*:*:*",
"matchCriteriaId": "6A1EF00A-52E9-4FD8-98FD-3998225D8655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.2:*:ia64:*:*:*:*:*",
"matchCriteriaId": "9D47D6FE-56A9-42CF-9A9B-AEE272C061F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service."
},
{
"lang": "es",
"value": "Error de memoria en SNMP de Squid STABLE2 y versiones anteriores permite a un atacante remoto provocar una denegaci\u00f3n del servicio."
}
],
"id": "CVE-2002-0069",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-03-08T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/8260.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/4146"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/8260.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/4146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-09-07 18:03
Modified
2025-04-03 01:03
Severity ?
Summary
The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.0.patch1 | |
| squid | squid | 2.0.patch2 | |
| squid | squid | 2.0.pre1 | |
| squid | squid | 2.0.release | |
| squid | squid | 2.0_patch2 | |
| squid | squid | 2.1.patch1 | |
| squid | squid | 2.1.patch2 | |
| squid | squid | 2.1.pre1 | |
| squid | squid | 2.1.pre3 | |
| squid | squid | 2.1.pre4 | |
| squid | squid | 2.1.release | |
| squid | squid | 2.1_patch2 | |
| squid | squid | 2.2.devel3 | |
| squid | squid | 2.2.devel4 | |
| squid | squid | 2.2.pre1 | |
| squid | squid | 2.2.pre2 | |
| squid | squid | 2.2.stable1 | |
| squid | squid | 2.2.stable2 | |
| squid | squid | 2.2.stable3 | |
| squid | squid | 2.2.stable4 | |
| squid | squid | 2.2.stable5 | |
| squid | squid | 2.3.devel2 | |
| squid | squid | 2.3.devel3 | |
| squid | squid | 2.3.stable1 | |
| squid | squid | 2.3.stable2 | |
| squid | squid | 2.3.stable3 | |
| squid | squid | 2.3.stable4 | |
| squid | squid | 2.3.stable5 | |
| squid | squid | 2.3_.stable4 | |
| squid | squid | 2.3_.stable5 | |
| squid | squid | 2.3_stable5 | |
| squid | squid | 2.4 | |
| squid | squid | 2.4.stable1 | |
| squid | squid | 2.4.stable2 | |
| squid | squid | 2.4.stable3 | |
| squid | squid | 2.4.stable4 | |
| squid | squid | 2.4.stable6 | |
| squid | squid | 2.4.stable7 | |
| squid | squid | 2.4_.stable2 | |
| squid | squid | 2.4_.stable6 | |
| squid | squid | 2.4_.stable7 | |
| squid | squid | 2.4_stable7 | |
| squid | squid | 2.5.6 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 | |
| squid | squid | 2.5.stable7 | |
| squid | squid | 2.5.stable8 | |
| squid | squid | 2.5.stable9 | |
| squid | squid | 2.5.stable10 | |
| squid | squid | 2.5_.stable1 | |
| squid | squid | 2.5_.stable3 | |
| squid | squid | 2.5_.stable4 | |
| squid | squid | 2.5_.stable5 | |
| squid | squid | 2.5_.stable6 | |
| squid | squid | 2.5_stable3 | |
| squid | squid | 2.5_stable4 | |
| squid | squid | 2.5_stable9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B0771FC-F8FB-4065-B6E1-EA21ECE77AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B81A56D-3F2E-455B-A960-69728437B31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA7799D4-7B04-463B-BA19-AE36CD9DD694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.release:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8093EE-AA6A-4E2C-A891-163A42EA89EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0AA7680-E004-44AC-9AE9-C0186459C4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "3655286B-D44A-4DCB-8DF4-D45A36398933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAFDCE5E-6D74-4E13-B830-E412C33EF337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "E71F3AC2-E633-41D2-B49B-A92E5FB974F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "87284115-14F4-4FB6-A8D9-7C7A3B5151E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB618BD-9C6D-458D-A521-FE436C428A90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.release:*:*:*:*:*:*:*",
"matchCriteriaId": "C8717751-A250-49F6-97E9-C14C8A44E550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "05A4829D-4DC1-4CD2-B136-48719A254EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "D360F838-C65C-4E76-B460-ADE1AB7657C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel4:*:*:*:*:*:*:*",
"matchCriteriaId": "67618D3A-9C74-4701-B42F-385E0221D75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "C501D54D-5294-4BFD-9858-BE70C411B928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "19CB5358-7833-4D1E-8F22-CB2714E36F3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2265D309-4E50-45A3-A884-9F1FA361D453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "45663027-1EFD-415A-8AB3-BCE544F4AD9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "A38EAAEE-BAB5-42EC-B171-93D9E32AC6AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9E1D6A-2C46-4062-87B2-726FCC5967B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "38D24DCC-6C2A-466A-B59F-3D07F62175D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC7B751-34D9-4BBB-8608-97823E5F5F93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "DADF48B4-C9DA-41B7-9124-882ADF625F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "446879FE-02A7-4576-A726-6E7C918C4E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F495D6-7734-411D-B527-14C74A345E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5EFA76EB-C5A5-4652-8EF1-66E2B061BE3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB6D7E3-697C-4AA9-9925-371AB99CA395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2DD635-BB74-4311-9E62-0DFAEB8DC121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6BFB6A-0AFC-4E52-AD48-252E741B683B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9797A37-FD26-4527-B2FA-E458F7A88D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC6CCDC-237A-408E-9CAF-D41EC3A9D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E006EBC-5624-4AEE-85A8-10E33FCB20A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8DC1BE-EA6C-41B8-9D50-AACE2F2BA424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "155CB225-3F1B-4841-90F7-49C4CF90B1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "21905542-2429-4695-B253-AEC648B0BB9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "317FED1B-9C39-40E5-980D-C5ED808D8FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "48242DB9-5EB2-4C95-A944-C52B798A32A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F697BB-5C94-42CD-AD9E-72C3D3675D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "CE764CDC-1018-4502-8F41-8A48E38E7AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CBAAC5B-6012-410F-B765-689A8D55B095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "885123F3-346F-451E-B72A-D0405F0B72E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF792263-D6ED-4AD1-98C1-0E22670EF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3969B3-02F1-480A-8E72-CC50CD14B573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD64CE0-686A-44F2-B537-6D41E47A8BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable10:*:*:*:*:*:*:*",
"matchCriteriaId": "4233D036-BBD8-48AA-AD1C-403AF262B192",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "62C66D46-D3C7-4FCC-B80D-EBA542E77C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B6C02F-D194-4CA7-9DEC-A436A4E8C99C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7D86CB-EEAD-4C40-855D-E98E4ED8B58F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F59C3E7-0AC0-4886-B4B4-56904AC93C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "5207FB50-946A-4AB2-AED9-9BA78B88F1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8096AB-99B9-4D08-AA13-6AFF0DD65BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "A356D04A-7882-4A14-AD5F-2079EA0E79C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4C4F43-0807-400C-890B-D13BF5B9BF72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests."
}
],
"id": "CVE-2005-2796",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-09-07T18:03:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/16977"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17027"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1014846"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2005/dsa-809"
},
{
"source": "secalert@redhat.com",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-06.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:162"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2005_21_sr.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2005_53_squid.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2005-766.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/14731"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16977"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1014846"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-809"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_21_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_53_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-766.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/14731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10522"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-02-07 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.5.6 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 | |
| squid | squid | 2.5.stable7 | |
| squid | squid | 2.5_.stable1 | |
| squid | squid | 2.5_.stable3 | |
| squid | squid | 2.5_.stable4 | |
| squid | squid | 2.5_.stable5 | |
| squid | squid | 2.5_.stable6 | |
| squid | squid | 2.5_stable3 | |
| squid | squid | 2.5_stable4 | |
| squid | squid | 2.5_stable9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF792263-D6ED-4AD1-98C1-0E22670EF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "62C66D46-D3C7-4FCC-B80D-EBA542E77C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B6C02F-D194-4CA7-9DEC-A436A4E8C99C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7D86CB-EEAD-4C40-855D-E98E4ED8B58F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F59C3E7-0AC0-4886-B4B4-56904AC93C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "5207FB50-946A-4AB2-AED9-9BA78B88F1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8096AB-99B9-4D08-AA13-6AFF0DD65BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "A356D04A-7882-4A14-AD5F-2079EA0E79C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4C4F43-0807-400C-890B-D13BF5B9BF72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters."
}
],
"id": "CVE-2005-0174",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-02-07T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/768702"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/12412"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing"
},
{
"source": "cve@mitre.org",
"url": "http://www3.br.squid-cache.org/Advisories/SQUID-2005_4.txt"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/768702"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www3.br.squid-cache.org/Advisories/SQUID-2005_4.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10656"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-03-21 18:19
Modified
2025-04-09 00:30
Severity ?
Summary
The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "24D590FB-2759-475E-8136-1B15352605EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "2988AF48-979A-4CBC-90D9-83B364719E1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "A212F82C-E64A-456F-BD37-58D6D10CF62A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "2B3A370A-815C-49F9-8BDF-C87C615D160A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "96EC5316-A83B-4EB5-BCF9-C3800D82F1DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD0D706-FDE4-43EB-9769-B2922BBDCDC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "8A8BCEDD-FB0A-4B5F-97FA-185CE6EE9A1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "F09C974D-7BCB-450C-B730-1E92719A0763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "551B1272-D426-40B4-94D5-1F7DD8897F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable10:*:*:*:*:*:*:*",
"matchCriteriaId": "A5EFC173-02B7-4F2A-A42F-5C14204737A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable11:*:*:*:*:*:*:*",
"matchCriteriaId": "A6667E4C-C1B6-416C-9862-6CF618692E15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error."
},
{
"lang": "es",
"value": "La funci\u00f3n clientProcessRequest() en el archivo src/client_side.c en Squid versiones 2.6 anteriores a 2.6.STABLE12, permite a atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo del demonio) por medio de peticiones TRACE creadas que desencadenan un error de aserci\u00f3n."
}
],
"id": "CVE-2007-1560",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-03-21T18:19:00.000",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24611"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24614"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24625"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24662"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24911"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200703-27.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:068"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0131.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/23085"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1017805"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2007_1.txt"
},
{
"source": "secalert@redhat.com",
"url": "http://www.squid-cache.org/Versions/v2/2.6/changesets/11349.patch"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-441-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1035"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33124"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24611"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24662"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24911"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200703-27.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0131.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2007_1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Versions/v2/2.6/changesets/11349.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-441-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10291"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-01-16 18:28
Modified
2025-04-09 00:30
Severity ?
Summary
The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD0D706-FDE4-43EB-9769-B2922BBDCDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop."
},
{
"lang": "es",
"value": "La funci\u00f3n aclMatchExternal en Squid anterior a 2.6.STABLE7 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) provocando una sobrecarga de la cola external_acl, lo cual provoca un bucle infinito."
}
],
"id": "CVE-2007-0248",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-01-16T18:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23767"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23805"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23889"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23921"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23946"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:026"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_12_squid.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22203"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1848"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-414-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0199"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23889"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23921"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23946"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_12_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22203"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1848"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-414-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31525"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.\n\nThis issue did not affect the versions of Squid as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.",
"lastModified": "2007-07-26T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.0.patch1 | |
| squid | squid | 2.0.patch2 | |
| squid | squid | 2.0.pre1 | |
| squid | squid | 2.0.release | |
| squid | squid | 2.0_patch2 | |
| squid | squid | 2.1.patch1 | |
| squid | squid | 2.1.patch2 | |
| squid | squid | 2.1.pre1 | |
| squid | squid | 2.1.pre3 | |
| squid | squid | 2.1.pre4 | |
| squid | squid | 2.1.release | |
| squid | squid | 2.1_patch2 | |
| squid | squid | 2.2.devel3 | |
| squid | squid | 2.2.devel4 | |
| squid | squid | 2.2.pre1 | |
| squid | squid | 2.2.pre2 | |
| squid | squid | 2.2.stable1 | |
| squid | squid | 2.2.stable2 | |
| squid | squid | 2.2.stable3 | |
| squid | squid | 2.2.stable4 | |
| squid | squid | 2.2.stable5 | |
| squid | squid | 2.3.devel2 | |
| squid | squid | 2.3.devel3 | |
| squid | squid | 2.3.stable1 | |
| squid | squid | 2.3.stable2 | |
| squid | squid | 2.3.stable3 | |
| squid | squid | 2.3.stable4 | |
| squid | squid | 2.3.stable5 | |
| squid | squid | 2.3_.stable4 | |
| squid | squid | 2.3_.stable5 | |
| squid | squid | 2.3_stable5 | |
| squid | squid | 2.4 | |
| squid | squid | 2.4.stable1 | |
| squid | squid | 2.4.stable2 | |
| squid | squid | 2.4.stable3 | |
| squid | squid | 2.4.stable4 | |
| squid | squid | 2.4.stable6 | |
| squid | squid | 2.4.stable7 | |
| squid | squid | 2.4_.stable2 | |
| squid | squid | 2.4_.stable6 | |
| squid | squid | 2.4_.stable7 | |
| squid | squid | 2.4_stable7 | |
| squid | squid | 2.5.6 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 | |
| squid | squid | 2.5.stable7 | |
| squid | squid | 2.5.stable8 | |
| squid | squid | 2.5_.stable1 | |
| squid | squid | 2.5_.stable3 | |
| squid | squid | 2.5_.stable4 | |
| squid | squid | 2.5_.stable5 | |
| squid | squid | 2.5_.stable6 | |
| squid | squid | 2.5_stable3 | |
| squid | squid | 2.5_stable4 | |
| squid | squid | 2.5_stable9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B0771FC-F8FB-4065-B6E1-EA21ECE77AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B81A56D-3F2E-455B-A960-69728437B31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA7799D4-7B04-463B-BA19-AE36CD9DD694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.release:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8093EE-AA6A-4E2C-A891-163A42EA89EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0AA7680-E004-44AC-9AE9-C0186459C4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "3655286B-D44A-4DCB-8DF4-D45A36398933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAFDCE5E-6D74-4E13-B830-E412C33EF337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "E71F3AC2-E633-41D2-B49B-A92E5FB974F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "87284115-14F4-4FB6-A8D9-7C7A3B5151E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB618BD-9C6D-458D-A521-FE436C428A90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.release:*:*:*:*:*:*:*",
"matchCriteriaId": "C8717751-A250-49F6-97E9-C14C8A44E550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "05A4829D-4DC1-4CD2-B136-48719A254EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "D360F838-C65C-4E76-B460-ADE1AB7657C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel4:*:*:*:*:*:*:*",
"matchCriteriaId": "67618D3A-9C74-4701-B42F-385E0221D75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "C501D54D-5294-4BFD-9858-BE70C411B928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "19CB5358-7833-4D1E-8F22-CB2714E36F3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2265D309-4E50-45A3-A884-9F1FA361D453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "45663027-1EFD-415A-8AB3-BCE544F4AD9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "A38EAAEE-BAB5-42EC-B171-93D9E32AC6AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9E1D6A-2C46-4062-87B2-726FCC5967B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "38D24DCC-6C2A-466A-B59F-3D07F62175D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC7B751-34D9-4BBB-8608-97823E5F5F93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "DADF48B4-C9DA-41B7-9124-882ADF625F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "446879FE-02A7-4576-A726-6E7C918C4E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F495D6-7734-411D-B527-14C74A345E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5EFA76EB-C5A5-4652-8EF1-66E2B061BE3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB6D7E3-697C-4AA9-9925-371AB99CA395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2DD635-BB74-4311-9E62-0DFAEB8DC121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6BFB6A-0AFC-4E52-AD48-252E741B683B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9797A37-FD26-4527-B2FA-E458F7A88D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC6CCDC-237A-408E-9CAF-D41EC3A9D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E006EBC-5624-4AEE-85A8-10E33FCB20A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8DC1BE-EA6C-41B8-9D50-AACE2F2BA424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "155CB225-3F1B-4841-90F7-49C4CF90B1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "21905542-2429-4695-B253-AEC648B0BB9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "317FED1B-9C39-40E5-980D-C5ED808D8FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "48242DB9-5EB2-4C95-A944-C52B798A32A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F697BB-5C94-42CD-AD9E-72C3D3675D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "CE764CDC-1018-4502-8F41-8A48E38E7AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CBAAC5B-6012-410F-B765-689A8D55B095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "885123F3-346F-451E-B72A-D0405F0B72E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF792263-D6ED-4AD1-98C1-0E22670EF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3969B3-02F1-480A-8E72-CC50CD14B573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "62C66D46-D3C7-4FCC-B80D-EBA542E77C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B6C02F-D194-4CA7-9DEC-A436A4E8C99C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7D86CB-EEAD-4C40-855D-E98E4ED8B58F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F59C3E7-0AC0-4886-B4B4-56904AC93C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "5207FB50-946A-4AB2-AED9-9BA78B88F1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8096AB-99B9-4D08-AA13-6AFF0DD65BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "A356D04A-7882-4A14-AD5F-2079EA0E79C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4C4F43-0807-400C-890B-D13BF5B9BF72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure."
}
],
"id": "CVE-2005-0446",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110901183320453\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14271"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-688"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:047"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-173.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2005-201.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/12551"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE8-dns_assert.patch"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19332"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110901183320453\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:047"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-173.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-201.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE8-dns_assert.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19332"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11264"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-03-08 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5F50EF3-9CC0-4E49-8B37-E39A3228CB82",
"versionEndIncluding": "2.4_stable_3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*",
"matchCriteriaId": "344610A8-DB6D-4407-9304-916C419F648C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:i386:*:*:*:*:*",
"matchCriteriaId": "B7EC2B95-4715-4EC9-A10A-2542501F8A61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*",
"matchCriteriaId": "64775BEF-2E53-43CA-8639-A7E54F6F4222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.0:*:alpha:*:*:*:*:*",
"matchCriteriaId": "FD6576E2-9F26-4857-9F28-F51899F1EF48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.0:*:i386:*:*:*:*:*",
"matchCriteriaId": "4DC9842D-E23B-4B9F-A7BF-57C3BA3DE398",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.1:*:alpha:*:*:*:*:*",
"matchCriteriaId": "7F3FAAB3-7A8A-42E5-9DCE-E4A843CED1B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.1:*:i386:*:*:*:*:*",
"matchCriteriaId": "C8783A6D-DFD8-45DD-BF03-570B1B012B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.1:*:ia64:*:*:*:*:*",
"matchCriteriaId": "ED36543D-C21B-4B4B-A6AD-6E19B08B5DD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.2:*:i386:*:*:*:*:*",
"matchCriteriaId": "6A1EF00A-52E9-4FD8-98FD-3998225D8655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.2:*:ia64:*:*:*:*:*",
"matchCriteriaId": "9D47D6FE-56A9-42CF-9A9B-AEE272C061F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters."
},
{
"lang": "es",
"value": "Squid 2.4 STABLE3 y versiones anteriores permite a atacantes remotos causar la denegaci\u00f3n de servicios por volcado del n\u00facleo (core dump) y ejecutar c\u00f3digo arbitrario mediante una direcci\u00f3n URL ftp:// mal construida."
}
],
"id": "CVE-2002-0068",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-03-08T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101440163111826\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.caldera.com/support/security/advisories/CSSA-2002-010.0.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/8258.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2002_008_squid_txt.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5378"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/4148"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101440163111826\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.caldera.com/support/security/advisories/CSSA-2002-010.0.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/8258.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2002_008_squid_txt.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5378"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/4148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-10-20 10:02
Modified
2025-04-03 01:03
Severity ?
Summary
The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain "odd" responses.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.0.patch1 | |
| squid | squid | 2.0.patch2 | |
| squid | squid | 2.0.pre1 | |
| squid | squid | 2.0.release | |
| squid | squid | 2.1.patch1 | |
| squid | squid | 2.1.patch2 | |
| squid | squid | 2.1.pre1 | |
| squid | squid | 2.1.pre3 | |
| squid | squid | 2.1.pre4 | |
| squid | squid | 2.1.release | |
| squid | squid | 2.2.devel3 | |
| squid | squid | 2.2.devel4 | |
| squid | squid | 2.2.pre1 | |
| squid | squid | 2.2.pre2 | |
| squid | squid | 2.2.stable1 | |
| squid | squid | 2.2.stable2 | |
| squid | squid | 2.2.stable3 | |
| squid | squid | 2.2.stable4 | |
| squid | squid | 2.2.stable5 | |
| squid | squid | 2.3.devel2 | |
| squid | squid | 2.3.devel3 | |
| squid | squid | 2.3.stable1 | |
| squid | squid | 2.3.stable2 | |
| squid | squid | 2.3.stable3 | |
| squid | squid | 2.3.stable4 | |
| squid | squid | 2.3.stable5 | |
| squid | squid | 2.4 | |
| squid | squid | 2.4.stable1 | |
| squid | squid | 2.4.stable2 | |
| squid | squid | 2.4.stable3 | |
| squid | squid | 2.4.stable4 | |
| squid | squid | 2.4.stable6 | |
| squid | squid | 2.4.stable7 | |
| squid | squid | 2.5.6 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 | |
| squid | squid | 2.5.stable7 | |
| squid | squid | 2.5.stable8 | |
| squid | squid | 2.5.stable9 | |
| squid | squid | 2.5.stable10 | |
| squid | squid | 2.5.stable11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B0771FC-F8FB-4065-B6E1-EA21ECE77AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B81A56D-3F2E-455B-A960-69728437B31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA7799D4-7B04-463B-BA19-AE36CD9DD694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.release:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8093EE-AA6A-4E2C-A891-163A42EA89EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "3655286B-D44A-4DCB-8DF4-D45A36398933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAFDCE5E-6D74-4E13-B830-E412C33EF337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "E71F3AC2-E633-41D2-B49B-A92E5FB974F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "87284115-14F4-4FB6-A8D9-7C7A3B5151E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB618BD-9C6D-458D-A521-FE436C428A90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.release:*:*:*:*:*:*:*",
"matchCriteriaId": "C8717751-A250-49F6-97E9-C14C8A44E550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "D360F838-C65C-4E76-B460-ADE1AB7657C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel4:*:*:*:*:*:*:*",
"matchCriteriaId": "67618D3A-9C74-4701-B42F-385E0221D75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "C501D54D-5294-4BFD-9858-BE70C411B928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "19CB5358-7833-4D1E-8F22-CB2714E36F3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2265D309-4E50-45A3-A884-9F1FA361D453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "45663027-1EFD-415A-8AB3-BCE544F4AD9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "A38EAAEE-BAB5-42EC-B171-93D9E32AC6AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9E1D6A-2C46-4062-87B2-726FCC5967B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "38D24DCC-6C2A-466A-B59F-3D07F62175D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC7B751-34D9-4BBB-8608-97823E5F5F93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "DADF48B4-C9DA-41B7-9124-882ADF625F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "446879FE-02A7-4576-A726-6E7C918C4E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F495D6-7734-411D-B527-14C74A345E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5EFA76EB-C5A5-4652-8EF1-66E2B061BE3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB6D7E3-697C-4AA9-9925-371AB99CA395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2DD635-BB74-4311-9E62-0DFAEB8DC121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E006EBC-5624-4AEE-85A8-10E33FCB20A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8DC1BE-EA6C-41B8-9D50-AACE2F2BA424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "155CB225-3F1B-4841-90F7-49C4CF90B1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "21905542-2429-4695-B253-AEC648B0BB9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "317FED1B-9C39-40E5-980D-C5ED808D8FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "48242DB9-5EB2-4C95-A944-C52B798A32A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF792263-D6ED-4AD1-98C1-0E22670EF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3969B3-02F1-480A-8E72-CC50CD14B573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD64CE0-686A-44F2-B537-6D41E47A8BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable10:*:*:*:*:*:*:*",
"matchCriteriaId": "4233D036-BBD8-48AA-AD1C-403AF262B192",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable11:*:*:*:*:*:*:*",
"matchCriteriaId": "D7E0E93D-2499-4600-BE99-C6CDE99374DD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain \"odd\" responses."
}
],
"id": "CVE-2005-3258",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-10-20T10:02:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17271"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17287"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17338"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17407"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17513"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17626"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17645"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1015085"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE11-rfc1738_do_escape"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2005/2151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17513"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17645"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE11-rfc1738_do_escape"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2151"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vendorComments": [
{
"comment": "Not vulnerable. These issues do not affect the versions of Squid as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.\n",
"lastModified": "2006-08-30T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-26 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74F11907-5BBD-450F-B338-34013E58E0D8",
"versionEndIncluding": "2.4.stable6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses."
}
],
"id": "CVE-2002-0714",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-26T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000506"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/9479.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5924"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5158"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000506"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/9479.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5924"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.0.patch1 | |
| squid | squid | 2.0.patch2 | |
| squid | squid | 2.0.pre1 | |
| squid | squid | 2.0.release | |
| squid | squid | 2.1.patch1 | |
| squid | squid | 2.1.patch2 | |
| squid | squid | 2.1.pre1 | |
| squid | squid | 2.1.pre3 | |
| squid | squid | 2.1.pre4 | |
| squid | squid | 2.1.release | |
| squid | squid | 2.2.devel3 | |
| squid | squid | 2.2.devel4 | |
| squid | squid | 2.2.pre1 | |
| squid | squid | 2.2.pre2 | |
| squid | squid | 2.2.stable1 | |
| squid | squid | 2.2.stable2 | |
| squid | squid | 2.2.stable3 | |
| squid | squid | 2.2.stable4 | |
| squid | squid | 2.2.stable5 | |
| squid | squid | 2.3.devel2 | |
| squid | squid | 2.3.devel3 | |
| squid | squid | 2.3.stable1 | |
| squid | squid | 2.3.stable2 | |
| squid | squid | 2.3.stable3 | |
| squid | squid | 2.3.stable4 | |
| squid | squid | 2.3.stable5 | |
| squid | squid | 2.4.stable1 | |
| squid | squid | 2.4.stable2 | |
| squid | squid | 2.4.stable3 | |
| squid | squid | 2.4.stable4 | |
| squid | squid | 2.4.stable6 | |
| squid | squid | 2.4.stable7 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B0771FC-F8FB-4065-B6E1-EA21ECE77AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B81A56D-3F2E-455B-A960-69728437B31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA7799D4-7B04-463B-BA19-AE36CD9DD694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.release:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8093EE-AA6A-4E2C-A891-163A42EA89EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "3655286B-D44A-4DCB-8DF4-D45A36398933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAFDCE5E-6D74-4E13-B830-E412C33EF337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "E71F3AC2-E633-41D2-B49B-A92E5FB974F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "87284115-14F4-4FB6-A8D9-7C7A3B5151E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB618BD-9C6D-458D-A521-FE436C428A90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.release:*:*:*:*:*:*:*",
"matchCriteriaId": "C8717751-A250-49F6-97E9-C14C8A44E550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "D360F838-C65C-4E76-B460-ADE1AB7657C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel4:*:*:*:*:*:*:*",
"matchCriteriaId": "67618D3A-9C74-4701-B42F-385E0221D75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "C501D54D-5294-4BFD-9858-BE70C411B928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "19CB5358-7833-4D1E-8F22-CB2714E36F3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2265D309-4E50-45A3-A884-9F1FA361D453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "45663027-1EFD-415A-8AB3-BCE544F4AD9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "A38EAAEE-BAB5-42EC-B171-93D9E32AC6AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9E1D6A-2C46-4062-87B2-726FCC5967B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "38D24DCC-6C2A-466A-B59F-3D07F62175D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC7B751-34D9-4BBB-8608-97823E5F5F93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "DADF48B4-C9DA-41B7-9124-882ADF625F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "446879FE-02A7-4576-A726-6E7C918C4E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F495D6-7734-411D-B527-14C74A345E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5EFA76EB-C5A5-4652-8EF1-66E2B061BE3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB6D7E3-697C-4AA9-9925-371AB99CA395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2DD635-BB74-4311-9E62-0DFAEB8DC121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E006EBC-5624-4AEE-85A8-10E33FCB20A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8DC1BE-EA6C-41B8-9D50-AACE2F2BA424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "155CB225-3F1B-4841-90F7-49C4CF90B1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "21905542-2429-4695-B253-AEC648B0BB9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "317FED1B-9C39-40E5-980D-C5ED808D8FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "48242DB9-5EB2-4C95-A944-C52B798A32A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server."
}
],
"id": "CVE-2005-0173",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/924198"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/12431"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1187"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/924198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12431"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10251"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-01-16 18:28
Modified
2025-04-09 00:30
Severity ?
Summary
squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "24D590FB-2759-475E-8136-1B15352605EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "2988AF48-979A-4CBC-90D9-83B364719E1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "A212F82C-E64A-456F-BD37-58D6D10CF62A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "2B3A370A-815C-49F9-8BDF-C87C615D160A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "96EC5316-A83B-4EB5-BCF9-C3800D82F1DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD0D706-FDE4-43EB-9769-B2922BBDCDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions."
},
{
"lang": "es",
"value": "El archivo squid/src/ftp.c en Squid versiones anteriores a 2.6.STABLE7, permite a los servidores FTP remotos causar una denegaci\u00f3n de servicio (volcado del n\u00facleo) por medio de respuestas de enumeraci\u00f3n de directorio FTP, posiblemente relacionadas con las funciones (1) ftpListingFinish y (2) ftpHtmlifyListEntry."
}
],
"id": "CVE-2007-0247",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-01-16T18:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/cms/node/2442"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/39839"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23767"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23805"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23810"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23837"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23889"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23921"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23946"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:026"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_12_squid.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22079"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1857"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.org/errata/2007/0003/"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-414-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0199"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31523"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/cms/node/2442"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/39839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23837"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23889"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23921"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23946"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_12_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1857"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2007/0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-414-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31523"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.\n\nThis issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.",
"lastModified": "2007-07-26T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-01-15 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.0_patch2 | |
| squid | squid | 2.1_patch2 | |
| squid | squid | 2.3_.stable4 | |
| squid | squid | 2.3_.stable5 | |
| squid | squid | 2.3_stable5 | |
| squid | squid | 2.4 | |
| squid | squid | 2.4_.stable2 | |
| squid | squid | 2.4_.stable6 | |
| squid | squid | 2.4_.stable7 | |
| squid | squid | 2.4_stable7 | |
| squid | squid | 2.5.6 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 | |
| squid | squid | 2.5.stable7 | |
| squid | squid | 2.5_.stable1 | |
| squid | squid | 2.5_.stable3 | |
| squid | squid | 2.5_.stable4 | |
| squid | squid | 2.5_.stable5 | |
| squid | squid | 2.5_.stable6 | |
| squid | squid | 2.5_stable3 | |
| squid | squid | 2.5_stable4 | |
| squid | squid | 2.5_stable9 | |
| squid | squid | 2.6.stable1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0AA7680-E004-44AC-9AE9-C0186459C4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "05A4829D-4DC1-4CD2-B136-48719A254EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6BFB6A-0AFC-4E52-AD48-252E741B683B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9797A37-FD26-4527-B2FA-E458F7A88D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC6CCDC-237A-408E-9CAF-D41EC3A9D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F697BB-5C94-42CD-AD9E-72C3D3675D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "CE764CDC-1018-4502-8F41-8A48E38E7AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CBAAC5B-6012-410F-B765-689A8D55B095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "885123F3-346F-451E-B72A-D0405F0B72E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF792263-D6ED-4AD1-98C1-0E22670EF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "62C66D46-D3C7-4FCC-B80D-EBA542E77C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B6C02F-D194-4CA7-9DEC-A436A4E8C99C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7D86CB-EEAD-4C40-855D-E98E4ED8B58F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F59C3E7-0AC0-4886-B4B4-56904AC93C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "5207FB50-946A-4AB2-AED9-9BA78B88F1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8096AB-99B9-4D08-AA13-6AFF0DD65BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "A356D04A-7882-4A14-AD5F-2079EA0E79C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4C4F43-0807-400C-890B-D13BF5B9BF72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "24D590FB-2759-475E-8136-1B15352605EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid\u0027s home router and invalid WCCP_I_SEE_YOU cache numbers."
}
],
"id": "CVE-2005-0095",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-15T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13825"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1012882"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-651"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:014"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/12886"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/12275"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_2.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_denial_of_service.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13825"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1012882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/12886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_2.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_denial_of_service.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10269"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-04-14 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.0.patch1 | |
| squid | squid | 2.0.patch2 | |
| squid | squid | 2.0.pre1 | |
| squid | squid | 2.0.release | |
| squid | squid | 2.0_patch2 | |
| squid | squid | 2.1.patch1 | |
| squid | squid | 2.1.patch2 | |
| squid | squid | 2.1.pre1 | |
| squid | squid | 2.1.pre3 | |
| squid | squid | 2.1.pre4 | |
| squid | squid | 2.1.release | |
| squid | squid | 2.1_patch2 | |
| squid | squid | 2.2.devel3 | |
| squid | squid | 2.2.devel4 | |
| squid | squid | 2.2.pre1 | |
| squid | squid | 2.2.pre2 | |
| squid | squid | 2.2.stable1 | |
| squid | squid | 2.2.stable2 | |
| squid | squid | 2.2.stable3 | |
| squid | squid | 2.2.stable4 | |
| squid | squid | 2.2.stable5 | |
| squid | squid | 2.3.devel2 | |
| squid | squid | 2.3.devel3 | |
| squid | squid | 2.3.stable1 | |
| squid | squid | 2.3.stable2 | |
| squid | squid | 2.3.stable3 | |
| squid | squid | 2.3.stable4 | |
| squid | squid | 2.3.stable5 | |
| squid | squid | 2.3_.stable4 | |
| squid | squid | 2.3_.stable5 | |
| squid | squid | 2.3_stable5 | |
| squid | squid | 2.4 | |
| squid | squid | 2.4.stable1 | |
| squid | squid | 2.4.stable2 | |
| squid | squid | 2.4.stable3 | |
| squid | squid | 2.4.stable4 | |
| squid | squid | 2.4.stable6 | |
| squid | squid | 2.4.stable7 | |
| squid | squid | 2.4_.stable2 | |
| squid | squid | 2.4_.stable6 | |
| squid | squid | 2.4_.stable7 | |
| squid | squid | 2.4_stable7 | |
| squid | squid | 2.5.6 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 | |
| squid | squid | 2.5.stable7 | |
| squid | squid | 2.5_.stable1 | |
| squid | squid | 2.5_.stable3 | |
| squid | squid | 2.5_.stable4 | |
| squid | squid | 2.5_.stable5 | |
| squid | squid | 2.5_.stable6 | |
| squid | squid | 2.5_stable3 | |
| squid | squid | 2.5_stable4 | |
| squid | squid | 2.5_stable9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B0771FC-F8FB-4065-B6E1-EA21ECE77AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B81A56D-3F2E-455B-A960-69728437B31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA7799D4-7B04-463B-BA19-AE36CD9DD694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.release:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8093EE-AA6A-4E2C-A891-163A42EA89EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0AA7680-E004-44AC-9AE9-C0186459C4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "3655286B-D44A-4DCB-8DF4-D45A36398933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAFDCE5E-6D74-4E13-B830-E412C33EF337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "E71F3AC2-E633-41D2-B49B-A92E5FB974F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "87284115-14F4-4FB6-A8D9-7C7A3B5151E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB618BD-9C6D-458D-A521-FE436C428A90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.release:*:*:*:*:*:*:*",
"matchCriteriaId": "C8717751-A250-49F6-97E9-C14C8A44E550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "05A4829D-4DC1-4CD2-B136-48719A254EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "D360F838-C65C-4E76-B460-ADE1AB7657C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel4:*:*:*:*:*:*:*",
"matchCriteriaId": "67618D3A-9C74-4701-B42F-385E0221D75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "C501D54D-5294-4BFD-9858-BE70C411B928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "19CB5358-7833-4D1E-8F22-CB2714E36F3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2265D309-4E50-45A3-A884-9F1FA361D453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "45663027-1EFD-415A-8AB3-BCE544F4AD9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "A38EAAEE-BAB5-42EC-B171-93D9E32AC6AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9E1D6A-2C46-4062-87B2-726FCC5967B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "38D24DCC-6C2A-466A-B59F-3D07F62175D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC7B751-34D9-4BBB-8608-97823E5F5F93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "DADF48B4-C9DA-41B7-9124-882ADF625F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "446879FE-02A7-4576-A726-6E7C918C4E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F495D6-7734-411D-B527-14C74A345E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5EFA76EB-C5A5-4652-8EF1-66E2B061BE3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB6D7E3-697C-4AA9-9925-371AB99CA395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2DD635-BB74-4311-9E62-0DFAEB8DC121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6BFB6A-0AFC-4E52-AD48-252E741B683B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9797A37-FD26-4527-B2FA-E458F7A88D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC6CCDC-237A-408E-9CAF-D41EC3A9D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E006EBC-5624-4AEE-85A8-10E33FCB20A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8DC1BE-EA6C-41B8-9D50-AACE2F2BA424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "155CB225-3F1B-4841-90F7-49C4CF90B1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "21905542-2429-4695-B253-AEC648B0BB9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "317FED1B-9C39-40E5-980D-C5ED808D8FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "48242DB9-5EB2-4C95-A944-C52B798A32A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F697BB-5C94-42CD-AD9E-72C3D3675D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "CE764CDC-1018-4502-8F41-8A48E38E7AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CBAAC5B-6012-410F-B765-689A8D55B095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "885123F3-346F-451E-B72A-D0405F0B72E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF792263-D6ED-4AD1-98C1-0E22670EF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "62C66D46-D3C7-4FCC-B80D-EBA542E77C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B6C02F-D194-4CA7-9DEC-A436A4E8C99C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7D86CB-EEAD-4C40-855D-E98E4ED8B58F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F59C3E7-0AC0-4886-B4B4-56904AC93C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "5207FB50-946A-4AB2-AED9-9BA78B88F1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8096AB-99B9-4D08-AA13-6AFF0DD65BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "A356D04A-7882-4A14-AD5F-2079EA0E79C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4C4F43-0807-400C-890B-D13BF5B9BF72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory."
}
],
"id": "CVE-2005-0718",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-04-14T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/12508"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2005-489.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/13166"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1224"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19919"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11562"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/111-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/12508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-489.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/13166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19919"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/111-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3969B3-02F1-480A-8E72-CC50CD14B573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD64CE0-686A-44F2-B537-6D41E47A8BF5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator."
}
],
"id": "CVE-2005-1345",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000948"
},
{
"source": "secalert@redhat.com",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2005/dsa-721"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_error"
},
{
"source": "secalert@redhat.com",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1255"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10513"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000948"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_error"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1255"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10513"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-11-03 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53ED784B-1BF3-4A13-B5BF-AFE7741B8002",
"versionEndIncluding": "2.5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy."
},
{
"lang": "es",
"value": "Las funciones ntlm_fetch_string y ntlm_get_string en Squid 2.5.6 y anteriores, con autenticaci\u00f3n NTLM activada, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) mediante un paquete NTLMSSP que hace que se pase un valor negativo a memcpy."
}
],
"id": "CVE-2004-0832",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-11-03T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-04.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:093"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11098"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1045"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2004/0047/"
},
{
"source": "cve@mitre.org",
"url": "http://www1.uk.squid-cache.org/squid/Versions/v2/2.5/bugs/#squid-2.5.STABLE6-ntlm_fetch_string"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17218"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-04.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:093"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2004/0047/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www1.uk.squid-cache.org/squid/Versions/v2/2.5/bugs/#squid-2.5.STABLE6-ntlm_fetch_string"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10489"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-09-07 18:03
Modified
2025-04-03 01:03
Severity ?
Summary
store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.0.patch1 | |
| squid | squid | 2.0.patch2 | |
| squid | squid | 2.0.pre1 | |
| squid | squid | 2.0.release | |
| squid | squid | 2.1.patch1 | |
| squid | squid | 2.1.patch2 | |
| squid | squid | 2.1.pre1 | |
| squid | squid | 2.1.pre3 | |
| squid | squid | 2.1.pre4 | |
| squid | squid | 2.1.release | |
| squid | squid | 2.2.devel3 | |
| squid | squid | 2.2.devel4 | |
| squid | squid | 2.2.pre1 | |
| squid | squid | 2.2.pre2 | |
| squid | squid | 2.2.stable1 | |
| squid | squid | 2.2.stable2 | |
| squid | squid | 2.2.stable3 | |
| squid | squid | 2.2.stable4 | |
| squid | squid | 2.2.stable5 | |
| squid | squid | 2.3.devel2 | |
| squid | squid | 2.3.devel3 | |
| squid | squid | 2.3.stable1 | |
| squid | squid | 2.3.stable2 | |
| squid | squid | 2.3.stable3 | |
| squid | squid | 2.3.stable4 | |
| squid | squid | 2.3.stable5 | |
| squid | squid | 2.4.stable1 | |
| squid | squid | 2.4.stable2 | |
| squid | squid | 2.4.stable3 | |
| squid | squid | 2.4.stable4 | |
| squid | squid | 2.4.stable6 | |
| squid | squid | 2.4.stable7 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 | |
| squid | squid | 2.5.stable7 | |
| squid | squid | 2.5.stable8 | |
| squid | squid | 2.5.stable9 | |
| squid | squid | 2.5.stable10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B0771FC-F8FB-4065-B6E1-EA21ECE77AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B81A56D-3F2E-455B-A960-69728437B31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA7799D4-7B04-463B-BA19-AE36CD9DD694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0.release:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8093EE-AA6A-4E2C-A891-163A42EA89EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch1:*:*:*:*:*:*:*",
"matchCriteriaId": "3655286B-D44A-4DCB-8DF4-D45A36398933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAFDCE5E-6D74-4E13-B830-E412C33EF337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "E71F3AC2-E633-41D2-B49B-A92E5FB974F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "87284115-14F4-4FB6-A8D9-7C7A3B5151E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.pre4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB618BD-9C6D-458D-A521-FE436C428A90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1.release:*:*:*:*:*:*:*",
"matchCriteriaId": "C8717751-A250-49F6-97E9-C14C8A44E550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "D360F838-C65C-4E76-B460-ADE1AB7657C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.devel4:*:*:*:*:*:*:*",
"matchCriteriaId": "67618D3A-9C74-4701-B42F-385E0221D75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "C501D54D-5294-4BFD-9858-BE70C411B928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "19CB5358-7833-4D1E-8F22-CB2714E36F3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2265D309-4E50-45A3-A884-9F1FA361D453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "45663027-1EFD-415A-8AB3-BCE544F4AD9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "A38EAAEE-BAB5-42EC-B171-93D9E32AC6AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9E1D6A-2C46-4062-87B2-726FCC5967B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.2.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "38D24DCC-6C2A-466A-B59F-3D07F62175D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC7B751-34D9-4BBB-8608-97823E5F5F93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.devel3:*:*:*:*:*:*:*",
"matchCriteriaId": "DADF48B4-C9DA-41B7-9124-882ADF625F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "446879FE-02A7-4576-A726-6E7C918C4E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F495D6-7734-411D-B527-14C74A345E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5EFA76EB-C5A5-4652-8EF1-66E2B061BE3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB6D7E3-697C-4AA9-9925-371AB99CA395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2DD635-BB74-4311-9E62-0DFAEB8DC121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E006EBC-5624-4AEE-85A8-10E33FCB20A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8DC1BE-EA6C-41B8-9D50-AACE2F2BA424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "155CB225-3F1B-4841-90F7-49C4CF90B1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "21905542-2429-4695-B253-AEC648B0BB9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "317FED1B-9C39-40E5-980D-C5ED808D8FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "48242DB9-5EB2-4C95-A944-C52B798A32A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3969B3-02F1-480A-8E72-CC50CD14B573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD64CE0-686A-44F2-B537-6D41E47A8BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable10:*:*:*:*:*:*:*",
"matchCriteriaId": "4233D036-BBD8-48AA-AD1C-403AF262B192",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING."
}
],
"id": "CVE-2005-2794",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-09-07T18:03:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/16977"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17027"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2005/dsa-809"
},
{
"source": "secalert@redhat.com",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-06.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:162"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2005_21_sr.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2005_53_squid.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2005-766.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/14761"
},
{
"source": "secalert@redhat.com",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16977"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-809"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_21_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_53_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-766.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/14761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10276"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-09-30 18:05
Modified
2025-04-03 01:03
Severity ?
Summary
Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE077B6D-CB5E-445A-97F8-444D3D7FCAD5",
"versionEndIncluding": "2.5.stable10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2DD7F1E4-35E3-43A0-B4F8-68697D70908E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart)."
}
],
"id": "CVE-2005-2917",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-09-30T18:05:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
},
{
"source": "secalert@redhat.com",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"source": "secalert@redhat.com",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16992"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17015"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17050"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17177"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/19161"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/19532"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1014920"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-828"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:181"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/19607"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0045.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0052.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/14977"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-192-1/"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24282"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11580"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014920"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-828"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/19607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0045.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0052.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/14977"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-192-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11580"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-01-11 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.0_patch2 | |
| squid | squid | 2.1_patch2 | |
| squid | squid | 2.3_.stable4 | |
| squid | squid | 2.3_.stable5 | |
| squid | squid | 2.3_stable5 | |
| squid | squid | 2.4 | |
| squid | squid | 2.4_.stable2 | |
| squid | squid | 2.4_.stable6 | |
| squid | squid | 2.4_.stable7 | |
| squid | squid | 2.4_stable7 | |
| squid | squid | 2.5.6 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 | |
| squid | squid | 2.5.stable7 | |
| squid | squid | 2.5_.stable1 | |
| squid | squid | 2.5_.stable3 | |
| squid | squid | 2.5_.stable4 | |
| squid | squid | 2.5_.stable5 | |
| squid | squid | 2.5_.stable6 | |
| squid | squid | 2.5_stable3 | |
| squid | squid | 2.5_stable4 | |
| squid | squid | 2.5_stable9 | |
| squid | squid | 2.6.stable1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0AA7680-E004-44AC-9AE9-C0186459C4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "05A4829D-4DC1-4CD2-B136-48719A254EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6BFB6A-0AFC-4E52-AD48-252E741B683B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9797A37-FD26-4527-B2FA-E458F7A88D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC6CCDC-237A-408E-9CAF-D41EC3A9D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F697BB-5C94-42CD-AD9E-72C3D3675D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "CE764CDC-1018-4502-8F41-8A48E38E7AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CBAAC5B-6012-410F-B765-689A8D55B095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "885123F3-346F-451E-B72A-D0405F0B72E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF792263-D6ED-4AD1-98C1-0E22670EF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "62C66D46-D3C7-4FCC-B80D-EBA542E77C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B6C02F-D194-4CA7-9DEC-A436A4E8C99C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7D86CB-EEAD-4C40-855D-E98E4ED8B58F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F59C3E7-0AC0-4886-B4B4-56904AC93C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "5207FB50-946A-4AB2-AED9-9BA78B88F1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8096AB-99B9-4D08-AA13-6AFF0DD65BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "A356D04A-7882-4A14-AD5F-2079EA0E79C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4C4F43-0807-400C-890B-D13BF5B9BF72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "24D590FB-2759-475E-8136-1B15352605EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference."
}
],
"id": "CVE-2005-0097",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-11T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13789"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1012818"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/12220"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11646"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1012818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11646"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-03-15 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0AA7680-E004-44AC-9AE9-C0186459C4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "05A4829D-4DC1-4CD2-B136-48719A254EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC6CCDC-237A-408E-9CAF-D41EC3A9D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "885123F3-346F-451E-B72A-D0405F0B72E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8096AB-99B9-4D08-AA13-6AFF0DD65BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "A356D04A-7882-4A14-AD5F-2079EA0E79C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The \"%xx\" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL (\"%00\") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists."
},
{
"lang": "es",
"value": "La funci\u00f3n de decodificaci\u00f3n de URL \"%xx\" en Squid 2.5STABLE4 y anteriores permite a atacantes remotos saltarse las listas de control de acceso (ACL) url_regex mediante una URL con un car\u00e1cter nulo (\"%00\"), lo que hace que Squid use s\u00f3lo un parte de la URL solicitada para compararla con la lista de control de acceso."
}
],
"id": "CVE-2004-0189",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-03-15T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"
},
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000838"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108084935904110\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200403-11.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2004/dsa-474"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5916"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2004-133.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2004-134.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9778"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2004_1.txt"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15366"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A877"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108084935904110\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200403-11.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2004/dsa-474"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2004-133.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2004-134.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2004_1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A941"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-01-27 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openpkg | openpkg | 2.1 | |
| openpkg | openpkg | 2.2 | |
| openpkg | openpkg | current | |
| squid | squid | 2.0_patch2 | |
| squid | squid | 2.1_patch2 | |
| squid | squid | 2.3_.stable4 | |
| squid | squid | 2.3_.stable5 | |
| squid | squid | 2.4 | |
| squid | squid | 2.4_.stable2 | |
| squid | squid | 2.4_.stable6 | |
| squid | squid | 2.4_.stable7 | |
| squid | squid | 2.5_.stable1 | |
| squid | squid | 2.5_.stable3 | |
| squid | squid | 2.5_.stable4 | |
| squid | squid | 2.5_.stable5 | |
| squid | squid | 2.5_.stable6 | |
| squid | squid | 3.0_pre1 | |
| squid | squid | 3.0_pre2 | |
| squid | squid | 3.0_pre3 | |
| gentoo | linux | * | |
| redhat | fedora_core | core_2.0 | |
| trustix | secure_linux | 1.5 | |
| trustix | secure_linux | 2.0 | |
| trustix | secure_linux | 2.1 | |
| ubuntu | ubuntu_linux | 4.1 | |
| ubuntu | ubuntu_linux | 4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openpkg:openpkg:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37042CDE-E4FE-442E-891A-CD84433D36E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "11F6E348-01DF-4FA4-808E-39A2A7A2B97B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:current:*:*:*:*:*:*:*",
"matchCriteriaId": "D342447B-5233-45FD-B1CF-8D84921402AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0AA7680-E004-44AC-9AE9-C0186459C4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "05A4829D-4DC1-4CD2-B136-48719A254EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6BFB6A-0AFC-4E52-AD48-252E741B683B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9797A37-FD26-4527-B2FA-E458F7A88D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F697BB-5C94-42CD-AD9E-72C3D3675D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "CE764CDC-1018-4502-8F41-8A48E38E7AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CBAAC5B-6012-410F-B765-689A8D55B095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "62C66D46-D3C7-4FCC-B80D-EBA542E77C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B6C02F-D194-4CA7-9DEC-A436A4E8C99C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7D86CB-EEAD-4C40-855D-E98E4ED8B58F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F59C3E7-0AC0-4886-B4B4-56904AC93C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "5207FB50-946A-4AB2-AED9-9BA78B88F1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0_pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF89643B-169C-4ECD-B905-F4FE7F37030D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0_pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "631B754D-1EB0-4A64-819A-5A24E7D0ADFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:3.0_pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "95AB69CF-AD54-4D30-A9C5-4253855A760F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6996B14-925B-46B8-982F-3545328B506B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "39605B96-BAD6-45C9-BB9A-43D6E2C51ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53AF1A2D-B0A2-4097-AD1D-DF3AF27171BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A67735E5-E43E-4164-BDB2-ADC6E0288E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*",
"matchCriteriaId": "6E94583A-5184-462E-9FC4-57B35DA06DA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*",
"matchCriteriaId": "E905FAAD-37B6-4DD0-A752-2974F8336273",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error."
}
],
"id": "CVE-2004-0918",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-27T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109913064629327\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30914"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30967"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-15.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.idefense.com/application/poi/display?id=152\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-591.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11385"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/Advisories/SQUID-2004_3.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/Advisories/SQUID-2008_1.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/1969/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17688"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10931"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00122.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109913064629327\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30914"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30967"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-15.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.idefense.com/application/poi/display?id=152\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-591.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11385"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Advisories/SQUID-2004_3.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Advisories/SQUID-2008_1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/1969/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00122.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-02-07 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.5.6 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 | |
| squid | squid | 2.5.stable7 | |
| squid | squid | 2.5_.stable1 | |
| squid | squid | 2.5_.stable3 | |
| squid | squid | 2.5_.stable4 | |
| squid | squid | 2.5_.stable5 | |
| squid | squid | 2.5_.stable6 | |
| squid | squid | 2.5_stable3 | |
| squid | squid | 2.5_stable4 | |
| squid | squid | 2.5_stable9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF792263-D6ED-4AD1-98C1-0E22670EF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "62C66D46-D3C7-4FCC-B80D-EBA542E77C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B6C02F-D194-4CA7-9DEC-A436A4E8C99C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7D86CB-EEAD-4C40-855D-E98E4ED8B58F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F59C3E7-0AC0-4886-B4B4-56904AC93C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "5207FB50-946A-4AB2-AED9-9BA78B88F1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8096AB-99B9-4D08-AA13-6AFF0DD65BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "A356D04A-7882-4A14-AD5F-2079EA0E79C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4C4F43-0807-400C-890B-D13BF5B9BF72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack."
}
],
"id": "CVE-2005-0175",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-02-07T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/625878"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/12433"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_5.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/625878"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_5.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11605"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-03-08 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "169C4A52-3191-423A-97C9-0E86A8D8160E",
"versionEndIncluding": "2.4_stable_2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*",
"matchCriteriaId": "344610A8-DB6D-4407-9304-916C419F648C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:i386:*:*:*:*:*",
"matchCriteriaId": "B7EC2B95-4715-4EC9-A10A-2542501F8A61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*",
"matchCriteriaId": "64775BEF-2E53-43CA-8639-A7E54F6F4222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.0:*:alpha:*:*:*:*:*",
"matchCriteriaId": "FD6576E2-9F26-4857-9F28-F51899F1EF48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.0:*:i386:*:*:*:*:*",
"matchCriteriaId": "4DC9842D-E23B-4B9F-A7BF-57C3BA3DE398",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.1:*:alpha:*:*:*:*:*",
"matchCriteriaId": "7F3FAAB3-7A8A-42E5-9DCE-E4A843CED1B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.1:*:i386:*:*:*:*:*",
"matchCriteriaId": "C8783A6D-DFD8-45DD-BF03-570B1B012B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.1:*:ia64:*:*:*:*:*",
"matchCriteriaId": "ED36543D-C21B-4B4B-A6AD-6E19B08B5DD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.2:*:i386:*:*:*:*:*",
"matchCriteriaId": "6A1EF00A-52E9-4FD8-98FD-3998225D8655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.2:*:ia64:*:*:*:*:*",
"matchCriteriaId": "9D47D6FE-56A9-42CF-9A9B-AEE272C061F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when \"htcp_port 0\" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions."
},
{
"lang": "es",
"value": "Squid 2.4 STABLE2 y versiones anteriores no deshabilita adecuadamente HTCP, incluso cuando \"\"htcp_port 0\"\" es especificado en el fichero squid.conf, el cual podr\u00eda permitir a atacantes remotos saltarse las restricciones de acceso."
}
],
"id": "CVE-2002-0067",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-03-08T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/8261.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5379"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/4150"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/8261.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/4150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-24 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.90.2 | |
| gibraltar | gibraltar_firewall | 2.2 | |
| squid | squid | 2.6.stable1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A85C689-95E0-41F7-83D9-5A8B0AB42390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gibraltar:gibraltar_firewall:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "79DA242C-9328-484D-A8E8-D185DE475B20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "24D590FB-2759-475E-8136-1B15352605EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected."
}
],
"id": "CVE-2005-1711",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-24T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1014030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1014030"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-01-15 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.0_patch2 | |
| squid | squid | 2.1_patch2 | |
| squid | squid | 2.3_.stable4 | |
| squid | squid | 2.3_.stable5 | |
| squid | squid | 2.3_stable5 | |
| squid | squid | 2.4 | |
| squid | squid | 2.4_.stable2 | |
| squid | squid | 2.4_.stable6 | |
| squid | squid | 2.4_.stable7 | |
| squid | squid | 2.4_stable7 | |
| squid | squid | 2.5.6 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 | |
| squid | squid | 2.5.stable7 | |
| squid | squid | 2.5_.stable1 | |
| squid | squid | 2.5_.stable3 | |
| squid | squid | 2.5_.stable4 | |
| squid | squid | 2.5_.stable5 | |
| squid | squid | 2.5_.stable6 | |
| squid | squid | 2.5_stable3 | |
| squid | squid | 2.5_stable4 | |
| squid | squid | 2.5_stable9 | |
| squid | squid | 2.6.stable1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0AA7680-E004-44AC-9AE9-C0186459C4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "05A4829D-4DC1-4CD2-B136-48719A254EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6BFB6A-0AFC-4E52-AD48-252E741B683B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9797A37-FD26-4527-B2FA-E458F7A88D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC6CCDC-237A-408E-9CAF-D41EC3A9D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F697BB-5C94-42CD-AD9E-72C3D3675D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "CE764CDC-1018-4502-8F41-8A48E38E7AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CBAAC5B-6012-410F-B765-689A8D55B095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "885123F3-346F-451E-B72A-D0405F0B72E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF792263-D6ED-4AD1-98C1-0E22670EF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "62C66D46-D3C7-4FCC-B80D-EBA542E77C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B6C02F-D194-4CA7-9DEC-A436A4E8C99C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7D86CB-EEAD-4C40-855D-E98E4ED8B58F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F59C3E7-0AC0-4886-B4B4-56904AC93C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "5207FB50-946A-4AB2-AED9-9BA78B88F1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8096AB-99B9-4D08-AA13-6AFF0DD65BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "A356D04A-7882-4A14-AD5F-2079EA0E79C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4C4F43-0807-400C-890B-D13BF5B9BF72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "24D590FB-2759-475E-8136-1B15352605EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses."
}
],
"id": "CVE-2005-0094",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-15T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13825"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-651"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:014"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/12276"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_1.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-gopher_html_parsing.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13825"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-gopher_html_parsing.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11146"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opera_software | opera | 6.0.3 | |
| squid | squid | 2.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opera_software:opera:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E4BDFF-55FC-4D2A-87BE-6B6B2320CA18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash)."
}
],
"id": "CVE-2002-2414",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2002-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=full-disclosure\u0026m=103783186608438\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/10673.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/6218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=full-disclosure\u0026m=103783186608438\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/10673.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/6218"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling \"oversized\" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size."
}
],
"id": "CVE-2005-0241",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "security@debian.org",
"tags": [
"Patch"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"source": "security@debian.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/14091"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/823350"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "security@debian.org",
"url": "http://www.securityfocus.com/bid/12412"
},
{
"source": "security@debian.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers"
},
{
"source": "security@debian.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch"
},
{
"source": "security@debian.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1216"
},
{
"source": "security@debian.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19060"
},
{
"source": "security@debian.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/14091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/823350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10998"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-03-26 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FE5187F-1587-43D4-801C-99C47F2AFC01",
"versionEndIncluding": "2.4_9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses."
},
{
"lang": "es",
"value": "Desbordamiento de buffer en Squid anterior a 2.4.9 permite a un atacante remoto producir una denegaci\u00f3n de servicio, y probablemente ejecutar c\u00f3digo arbitrario, mediante respuestas DNS comprimidas."
}
],
"id": "CVE-2002-0163",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-03-26T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-017.1.txt"
},
{
"source": "cve@mitre.org",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:19.squid.asc"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101716495023226\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/8628.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-027.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/4363"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_2.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-017.1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:19.squid.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101716495023226\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/8628.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-027.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/4363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_2.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-01-25 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid | 2.0_patch2 | |
| squid | squid | 2.1_patch2 | |
| squid | squid | 2.3_.stable4 | |
| squid | squid | 2.3_.stable5 | |
| squid | squid | 2.3_stable5 | |
| squid | squid | 2.4 | |
| squid | squid | 2.4_.stable2 | |
| squid | squid | 2.4_.stable6 | |
| squid | squid | 2.4_.stable7 | |
| squid | squid | 2.4_stable7 | |
| squid | squid | 2.5.6 | |
| squid | squid | 2.5.stable1 | |
| squid | squid | 2.5.stable2 | |
| squid | squid | 2.5.stable3 | |
| squid | squid | 2.5.stable4 | |
| squid | squid | 2.5.stable5 | |
| squid | squid | 2.5.stable6 | |
| squid | squid | 2.5.stable7 | |
| squid | squid | 2.5_.stable1 | |
| squid | squid | 2.5_.stable3 | |
| squid | squid | 2.5_.stable4 | |
| squid | squid | 2.5_.stable5 | |
| squid | squid | 2.5_.stable6 | |
| squid | squid | 2.5_stable3 | |
| squid | squid | 2.5_stable4 | |
| squid | squid | 2.5_stable9 | |
| squid | squid | 2.6.stable1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0AA7680-E004-44AC-9AE9-C0186459C4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.1_patch2:*:*:*:*:*:*:*",
"matchCriteriaId": "05A4829D-4DC1-4CD2-B136-48719A254EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6BFB6A-0AFC-4E52-AD48-252E741B683B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9797A37-FD26-4527-B2FA-E458F7A88D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.3_stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC6CCDC-237A-408E-9CAF-D41EC3A9D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F697BB-5C94-42CD-AD9E-72C3D3675D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "CE764CDC-1018-4502-8F41-8A48E38E7AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CBAAC5B-6012-410F-B765-689A8D55B095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.4_stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "885123F3-346F-451E-B72A-D0405F0B72E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF792263-D6ED-4AD1-98C1-0E22670EF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "62C66D46-D3C7-4FCC-B80D-EBA542E77C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B6C02F-D194-4CA7-9DEC-A436A4E8C99C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7D86CB-EEAD-4C40-855D-E98E4ED8B58F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F59C3E7-0AC0-4886-B4B4-56904AC93C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "5207FB50-946A-4AB2-AED9-9BA78B88F1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8096AB-99B9-4D08-AA13-6AFF0DD65BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "A356D04A-7882-4A14-AD5F-2079EA0E79C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5_stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4C4F43-0807-400C-890B-D13BF5B9BF72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "24D590FB-2759-475E-8136-1B15352605EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption)."
}
],
"id": "CVE-2005-0096",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-25T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1012818"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/12324"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1012818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10233"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-03-08 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies."
}
],
"id": "CVE-2005-0626",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-03-08T05:00:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/12716"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-setcookie"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19581"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11169"
},
{
"source": "secalert@redhat.com",
"url": "https://usn.ubuntu.com/93-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12716"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-setcookie"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11169"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/93-1/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2005-3322 (GCVE-0-2005-3322)
Vulnerability from cvelistv5
Published
2005-10-27 04:00
Modified
2024-08-07 23:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL).
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2005:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"name": "SUSE-SR:2005:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
},
{
"name": "15165",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15165"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-12-05T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SR:2005:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"name": "SUSE-SR:2005:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
},
{
"name": "15165",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15165"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2005:028",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"name": "SUSE-SR:2005:024",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
},
{
"name": "15165",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15165"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3322",
"datePublished": "2005-10-27T04:00:00",
"dateReserved": "2005-10-27T00:00:00",
"dateUpdated": "2024-08-07T23:10:08.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0097 (GCVE-0-2005-0097)
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-07 20:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:40.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth"
},
{
"name": "2005-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "1012818",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1012818"
},
{
"name": "GLSA-200501-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "13789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13789"
},
{
"name": "12220",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12220"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "oval:org.mitre.oval:def:11646",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11646"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth"
},
{
"name": "2005-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "1012818",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1012818"
},
{
"name": "GLSA-200501-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "13789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13789"
},
{
"name": "12220",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12220"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "oval:org.mitre.oval:def:11646",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11646"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth"
},
{
"name": "2005-0003",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "1012818",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012818"
},
{
"name": "GLSA-200501-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "RHSA-2005:061",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "13789",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13789"
},
{
"name": "12220",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12220"
},
{
"name": "SUSE-SA:2005:006",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "oval:org.mitre.oval:def:11646",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11646"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0097",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-18T00:00:00",
"dateUpdated": "2024-08-07T20:57:40.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0173 (GCVE-0-2005-0173)
Vulnerability from cvelistv5
Published
2005-02-06 05:00
Modified
2024-08-07 21:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:25.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "VU#924198",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/924198"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch"
},
{
"name": "12431",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12431"
},
{
"name": "oval:org.mitre.oval:def:10251",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10251"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "MDKSA-2005:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"name": "DSA-667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"name": "20050207 [USN-77-1] Squid vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1187"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "VU#924198",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/924198"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch"
},
{
"name": "12431",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12431"
},
{
"name": "oval:org.mitre.oval:def:10251",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10251"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "MDKSA-2005:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"name": "DSA-667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"name": "20050207 [USN-77-1] Squid vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1187"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2005:923",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "VU#924198",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/924198"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch"
},
{
"name": "12431",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12431"
},
{
"name": "oval:org.mitre.oval:def:10251",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10251"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces"
},
{
"name": "RHSA-2005:061",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "MDKSA-2005:034",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"name": "DSA-667",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"name": "20050207 [USN-77-1] Squid vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"name": "SUSE-SA:2005:006",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1187",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1187"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0173",
"datePublished": "2005-02-06T05:00:00",
"dateReserved": "2005-01-27T00:00:00",
"dateUpdated": "2024-08-07T21:05:25.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0067 (GCVE-0-2002-0067)
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:17.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "CLA-2002:464",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"name": "MDKSA-2002:016",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"name": "20020222 TSLSA-2002-0031 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"name": "FreeBSD-SA-02:12",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"name": "CSSA-2002-SCO.7",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"name": "squid-htcp-enabled(8261)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8261.php"
},
{
"name": "4150",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4150"
},
{
"name": "20020221 Squid HTTP Proxy Security Update Advisory 2002:1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"name": "RHSA-2002:029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"name": "5379",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5379"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when \"htcp_port 0\" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-08-17T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "CLA-2002:464",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"name": "MDKSA-2002:016",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"name": "20020222 TSLSA-2002-0031 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"name": "FreeBSD-SA-02:12",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"name": "CSSA-2002-SCO.7",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"name": "squid-htcp-enabled(8261)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8261.php"
},
{
"name": "4150",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4150"
},
{
"name": "20020221 Squid HTTP Proxy Security Update Advisory 2002:1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"name": "RHSA-2002:029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"name": "5379",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5379"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when \"htcp_port 0\" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v2/2.4/bugs/",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "CLA-2002:464",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"name": "MDKSA-2002:016",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"name": "20020222 TSLSA-2002-0031 - squid",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"name": "FreeBSD-SA-02:12",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"name": "CSSA-2002-SCO.7",
"refsource": "CALDERA",
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"name": "squid-htcp-enabled(8261)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8261.php"
},
{
"name": "4150",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4150"
},
{
"name": "20020221 Squid HTTP Proxy Security Update Advisory 2002:1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"name": "RHSA-2002:029",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"name": "5379",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5379"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0067",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-02-19T00:00:00",
"dateUpdated": "2024-08-08T02:35:17.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0713 (GCVE-0-2002-0713)
Vulnerability from cvelistv5
Published
2002-07-23 04:00
Modified
2024-08-08 02:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "squid-ftp-dir-bo(9481)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9481.php"
},
{
"name": "20020715 TSLSA-2002-0062 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"name": "CSSA-2002-046.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"name": "squid-gopher-bo(9480)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9480.php"
},
{
"name": "5157",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5157"
},
{
"name": "squid-msnt-helper-bo(9482)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9482.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "RHSA-2002:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"name": "5155",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5155"
},
{
"name": "5156",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5156"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name": "RHSA-2002:130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name": "MDKSA-2002:044",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "squid-ftp-dir-bo(9481)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9481.php"
},
{
"name": "20020715 TSLSA-2002-0062 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"name": "CSSA-2002-046.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"name": "squid-gopher-bo(9480)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9480.php"
},
{
"name": "5157",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5157"
},
{
"name": "squid-msnt-helper-bo(9482)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9482.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "RHSA-2002:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"name": "5155",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5155"
},
{
"name": "5156",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5156"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name": "RHSA-2002:130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name": "MDKSA-2002:044",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "squid-ftp-dir-bo(9481)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9481.php"
},
{
"name": "20020715 TSLSA-2002-0062 - squid",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"name": "CSSA-2002-046.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"name": "squid-gopher-bo(9480)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9480.php"
},
{
"name": "5157",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5157"
},
{
"name": "squid-msnt-helper-bo(9482)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9482.php"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.4/bugs/",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "RHSA-2002:051",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"name": "5155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5155"
},
{
"name": "5156",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5156"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name": "RHSA-2002:130",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name": "MDKSA-2002:044",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0713",
"datePublished": "2002-07-23T04:00:00",
"dateReserved": "2002-07-20T00:00:00",
"dateUpdated": "2024-08-08T02:56:38.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0626 (GCVE-0-2005-0626)
Vulnerability from cvelistv5
Published
2005-03-03 05:00
Modified
2024-08-07 21:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:21:06.476Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-setcookie"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "12716",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12716"
},
{
"name": "USN-93-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/93-1/"
},
{
"name": "squid-set-cookie-race-condition(19581)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19581"
},
{
"name": "oval:org.mitre.oval:def:11169",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11169"
},
{
"name": "RHSA-2005:415",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-setcookie"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "12716",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12716"
},
{
"name": "USN-93-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/93-1/"
},
{
"name": "squid-set-cookie-race-condition(19581)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19581"
},
{
"name": "oval:org.mitre.oval:def:11169",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11169"
},
{
"name": "RHSA-2005:415",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-0626",
"datePublished": "2005-03-03T05:00:00",
"dateReserved": "2005-03-03T00:00:00",
"dateUpdated": "2024-08-07T21:21:06.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-2414 (GCVE-0-2002-2414)
Vulnerability from cvelistv5
Published
2007-11-01 17:00
Modified
2024-08-08 04:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash).
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:06:53.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20021120 Opera 6.03/Linux crashes on HTTPS over Squid Proxy on a site",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=103783186608438\u0026w=2"
},
{
"name": "6218",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6218"
},
{
"name": "opera-squid-https-dos(10673)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10673.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20021120 Opera 6.03/Linux crashes on HTTPS over Squid Proxy on a site",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=103783186608438\u0026w=2"
},
{
"name": "6218",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6218"
},
{
"name": "opera-squid-https-dos(10673)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10673.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20021120 Opera 6.03/Linux crashes on HTTPS over Squid Proxy on a site",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=103783186608438\u0026w=2"
},
{
"name": "6218",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6218"
},
{
"name": "opera-squid-https-dos(10673)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10673.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2414",
"datePublished": "2007-11-01T17:00:00",
"dateReserved": "2007-11-01T00:00:00",
"dateUpdated": "2024-08-08T04:06:53.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0068 (GCVE-0-2002-0068)
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:17.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "CLA-2002:464",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"name": "SuSE-SA:2002:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2002_008_squid_txt.html"
},
{
"name": "MDKSA-2002:016",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"name": "20020222 Squid buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101440163111826\u0026w=2"
},
{
"name": "20020222 TSLSA-2002-0031 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"name": "FreeBSD-SA-02:12",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"name": "CSSA-2002-SCO.7",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"name": "20020221 Squid HTTP Proxy Security Update Advisory 2002:1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"name": "RHSA-2002:029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"name": "CSSA-2002-010.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "http://www.caldera.com/support/security/advisories/CSSA-2002-010.0.txt"
},
{
"name": "5378",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5378"
},
{
"name": "squid-ftpbuildtitleurl-bo(8258)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8258.php"
},
{
"name": "4148",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4148"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-19T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "CLA-2002:464",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"name": "SuSE-SA:2002:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2002_008_squid_txt.html"
},
{
"name": "MDKSA-2002:016",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"name": "20020222 Squid buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101440163111826\u0026w=2"
},
{
"name": "20020222 TSLSA-2002-0031 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"name": "FreeBSD-SA-02:12",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"name": "CSSA-2002-SCO.7",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"name": "20020221 Squid HTTP Proxy Security Update Advisory 2002:1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"name": "RHSA-2002:029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"name": "CSSA-2002-010.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "http://www.caldera.com/support/security/advisories/CSSA-2002-010.0.txt"
},
{
"name": "5378",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5378"
},
{
"name": "squid-ftpbuildtitleurl-bo(8258)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8258.php"
},
{
"name": "4148",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4148"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v2/2.4/bugs/",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "CLA-2002:464",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"name": "SuSE-SA:2002:008",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2002_008_squid_txt.html"
},
{
"name": "MDKSA-2002:016",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"name": "20020222 Squid buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101440163111826\u0026w=2"
},
{
"name": "20020222 TSLSA-2002-0031 - squid",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"name": "FreeBSD-SA-02:12",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"name": "CSSA-2002-SCO.7",
"refsource": "CALDERA",
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"name": "20020221 Squid HTTP Proxy Security Update Advisory 2002:1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"name": "RHSA-2002:029",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"name": "CSSA-2002-010.0",
"refsource": "CALDERA",
"url": "http://www.caldera.com/support/security/advisories/CSSA-2002-010.0.txt"
},
{
"name": "5378",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5378"
},
{
"name": "squid-ftpbuildtitleurl-bo(8258)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8258.php"
},
{
"name": "4148",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4148"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0068",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-02-19T00:00:00",
"dateUpdated": "2024-08-08T02:35:17.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2796 (GCVE-0-2005-2796)
Vulnerability from cvelistv5
Published
2005-09-07 04:00
Modified
2024-08-07 22:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:45:02.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14731",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14731"
},
{
"name": "oval:org.mitre.oval:def:10522",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10522"
},
{
"name": "MDKSA-2005:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:162"
},
{
"name": "1014846",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014846"
},
{
"name": "DSA-809",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-809"
},
{
"name": "SUSE-SA:2005:053",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_53_squid.html"
},
{
"name": "SUSE-SR:2005:021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_21_sr.html"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "GLSA-200509-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout"
},
{
"name": "RHSA-2005:766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-766.html"
},
{
"name": "17027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17027"
},
{
"name": "16977",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16977"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "14731",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14731"
},
{
"name": "oval:org.mitre.oval:def:10522",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10522"
},
{
"name": "MDKSA-2005:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:162"
},
{
"name": "1014846",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014846"
},
{
"name": "DSA-809",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-809"
},
{
"name": "SUSE-SA:2005:053",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_53_squid.html"
},
{
"name": "SUSE-SR:2005:021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_21_sr.html"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "GLSA-200509-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout"
},
{
"name": "RHSA-2005:766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-766.html"
},
{
"name": "17027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17027"
},
{
"name": "16977",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16977"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-2796",
"datePublished": "2005-09-07T04:00:00",
"dateReserved": "2005-09-06T00:00:00",
"dateUpdated": "2024-08-07T22:45:02.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0194 (GCVE-0-2005-0194)
Vulnerability from cvelistv5
Published
2005-02-06 05:00
Modified
2024-08-07 21:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:24.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls"
},
{
"name": "20050221 [USN-84-1] Squid vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110901183320453\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1166"
},
{
"name": "DSA-667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"name": "VU#260421",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/260421"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls"
},
{
"name": "20050221 [USN-84-1] Squid vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110901183320453\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1166"
},
{
"name": "DSA-667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"name": "VU#260421",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/260421"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2005:923",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls"
},
{
"name": "20050221 [USN-84-1] Squid vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110901183320453\u0026w=2"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1166",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1166"
},
{
"name": "DSA-667",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"name": "VU#260421",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/260421"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0194",
"datePublished": "2005-02-06T05:00:00",
"dateReserved": "2005-01-31T00:00:00",
"dateUpdated": "2024-08-07T21:05:24.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1345 (GCVE-0-2005-1345)
Vulnerability from cvelistv5
Published
2005-04-28 04:00
Modified
2024-08-07 21:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:44:06.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "CLA-2005:948",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000948"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1255"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_error"
},
{
"name": "oval:org.mitre.oval:def:10513",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10513"
},
{
"name": "RHSA-2005:415",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
},
{
"name": "DSA-721",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-721"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "CLA-2005:948",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000948"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1255"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_error"
},
{
"name": "oval:org.mitre.oval:def:10513",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10513"
},
{
"name": "RHSA-2005:415",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
},
{
"name": "DSA-721",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-721"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-1345",
"datePublished": "2005-04-28T04:00:00",
"dateReserved": "2005-04-28T00:00:00",
"dateUpdated": "2024-08-07T21:44:06.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1612 (GCVE-0-2008-1612)
Vulnerability from cvelistv5
Published
2008-04-01 17:00
Modified
2024-08-07 08:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:43.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-601-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-601-1"
},
{
"name": "FEDORA-2008-2740",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00560.html"
},
{
"name": "28693",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28693"
},
{
"name": "29813",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29813"
},
{
"name": "SUSE-SR:2008:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
},
{
"name": "30032",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30032"
},
{
"name": "DSA-1646",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1646"
},
{
"name": "GLSA-200903-38",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200903-38.xml"
},
{
"name": "27477",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27477"
},
{
"name": "squid-arrayshrink-dos(41586)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41586"
},
{
"name": "MDVSA-2008:134",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:134"
},
{
"name": "32109",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32109"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2007_2.txt"
},
{
"name": "RHSA-2008:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0214.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch"
},
{
"name": "[squid-announce[ 20080322 Advisory Squid-2007:2 updated",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=squid-announce\u0026m=120614453813157\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:11376",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11376"
},
{
"name": "34467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34467"
},
{
"name": "[oss-security] 20080401 CVE id request: squid",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/04/01/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-601-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-601-1"
},
{
"name": "FEDORA-2008-2740",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00560.html"
},
{
"name": "28693",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28693"
},
{
"name": "29813",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29813"
},
{
"name": "SUSE-SR:2008:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
},
{
"name": "30032",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30032"
},
{
"name": "DSA-1646",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1646"
},
{
"name": "GLSA-200903-38",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200903-38.xml"
},
{
"name": "27477",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27477"
},
{
"name": "squid-arrayshrink-dos(41586)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41586"
},
{
"name": "MDVSA-2008:134",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:134"
},
{
"name": "32109",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32109"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2007_2.txt"
},
{
"name": "RHSA-2008:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0214.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch"
},
{
"name": "[squid-announce[ 20080322 Advisory Squid-2007:2 updated",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=squid-announce\u0026m=120614453813157\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:11376",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11376"
},
{
"name": "34467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34467"
},
{
"name": "[oss-security] 20080401 CVE id request: squid",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/04/01/5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-1612",
"datePublished": "2008-04-01T17:00:00",
"dateReserved": "2008-04-01T00:00:00",
"dateUpdated": "2024-08-07T08:24:43.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0095 (GCVE-0-2005-0095)
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-07 20:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:41.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "2005-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "12275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12275"
},
{
"name": "12886",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/12886"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "GLSA-200501-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "DSA-651",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-651"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_denial_of_service.patch"
},
{
"name": "oval:org.mitre.oval:def:10269",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10269"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_2.txt"
},
{
"name": "1012882",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1012882"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "MDKSA-2005:014",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:014"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "13825",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13825"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid\u0027s home router and invalid WCCP_I_SEE_YOU cache numbers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "2005-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "12275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12275"
},
{
"name": "12886",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/12886"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "GLSA-200501-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "DSA-651",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-651"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_denial_of_service.patch"
},
{
"name": "oval:org.mitre.oval:def:10269",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10269"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_2.txt"
},
{
"name": "1012882",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1012882"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "MDKSA-2005:014",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:014"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "13825",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13825"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid\u0027s home router and invalid WCCP_I_SEE_YOU cache numbers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2005:923",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "2005-0003",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "12275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12275"
},
{
"name": "12886",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/12886"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "GLSA-200501-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "DSA-651",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-651"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_denial_of_service.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_denial_of_service.patch"
},
{
"name": "oval:org.mitre.oval:def:10269",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10269"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2005_2.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_2.txt"
},
{
"name": "1012882",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012882"
},
{
"name": "RHSA-2005:061",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "MDKSA-2005:014",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:014"
},
{
"name": "SUSE-SA:2005:006",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "13825",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13825"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0095",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-18T00:00:00",
"dateUpdated": "2024-08-07T20:57:41.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0069 (GCVE-0-2002-0069)
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:17.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "CLA-2002:464",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"name": "MDKSA-2002:016",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"name": "20020222 TSLSA-2002-0031 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"name": "FreeBSD-SA-02:12",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"name": "CSSA-2002-SCO.7",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"name": "squid-snmp-dos(8260)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8260.php"
},
{
"name": "20020221 Squid HTTP Proxy Security Update Advisory 2002:1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"name": "RHSA-2002:029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"name": "4146",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4146"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-08-17T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "CLA-2002:464",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"name": "MDKSA-2002:016",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"name": "20020222 TSLSA-2002-0031 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"name": "FreeBSD-SA-02:12",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"name": "CSSA-2002-SCO.7",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"name": "squid-snmp-dos(8260)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8260.php"
},
{
"name": "20020221 Squid HTTP Proxy Security Update Advisory 2002:1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"name": "RHSA-2002:029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"name": "4146",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4146"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v2/2.4/bugs/",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "CLA-2002:464",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000464"
},
{
"name": "MDKSA-2002:016",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"name": "20020222 TSLSA-2002-0031 - squid",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101443252627021\u0026w=2"
},
{
"name": "FreeBSD-SA-02:12",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"name": "CSSA-2002-SCO.7",
"refsource": "CALDERA",
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"name": "squid-snmp-dos(8260)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8260.php"
},
{
"name": "20020221 Squid HTTP Proxy Security Update Advisory 2002:1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101431040422095\u0026w=2"
},
{
"name": "RHSA-2002:029",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"name": "4146",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4146"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0069",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-02-19T00:00:00",
"dateUpdated": "2024-08-08T02:35:17.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0714 (GCVE-0-2002-0714)
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020715 TSLSA-2002-0062 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"name": "CSSA-2002-046.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "RHSA-2002:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name": "RHSA-2002:130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name": "MDKSA-2002:044",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"name": "5158",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5158"
},
{
"name": "CLA-2002:506",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000506"
},
{
"name": "squid-ftp-data-injection(9479)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9479.php"
},
{
"name": "5924",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5924"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-10-16T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020715 TSLSA-2002-0062 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"name": "CSSA-2002-046.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "RHSA-2002:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name": "RHSA-2002:130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name": "MDKSA-2002:044",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"name": "5158",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5158"
},
{
"name": "CLA-2002:506",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000506"
},
{
"name": "squid-ftp-data-injection(9479)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9479.php"
},
{
"name": "5924",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5924"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020715 TSLSA-2002-0062 - squid",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"name": "CSSA-2002-046.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.4/bugs/",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "RHSA-2002:051",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name": "RHSA-2002:130",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name": "MDKSA-2002:044",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"name": "5158",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5158"
},
{
"name": "CLA-2002:506",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000506"
},
{
"name": "squid-ftp-data-injection(9479)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9479.php"
},
{
"name": "5924",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5924"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0714",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-07-20T00:00:00",
"dateUpdated": "2024-08-08T02:56:38.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0096 (GCVE-0-2005-0096)
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-07 20:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption).
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:40.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth"
},
{
"name": "12324",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12324"
},
{
"name": "2005-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "1012818",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1012818"
},
{
"name": "GLSA-200501-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "oval:org.mitre.oval:def:10233",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10233"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth"
},
{
"name": "12324",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12324"
},
{
"name": "2005-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "1012818",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1012818"
},
{
"name": "GLSA-200501-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "oval:org.mitre.oval:def:10233",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10233"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2005:923",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth"
},
{
"name": "12324",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12324"
},
{
"name": "2005-0003",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "1012818",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012818"
},
{
"name": "GLSA-200501-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "oval:org.mitre.oval:def:10233",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10233"
},
{
"name": "RHSA-2005:061",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "SUSE-SA:2005:006",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0096",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-18T00:00:00",
"dateUpdated": "2024-08-07T20:57:40.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2917 (GCVE-0-2005-2917)
Vulnerability from cvelistv5
Published
2005-09-30 04:00
Modified
2024-08-07 22:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:29.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-192-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-192-1/"
},
{
"name": "1014920",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014920"
},
{
"name": "20060401-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "SCOSA-2005.49",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
},
{
"name": "16992",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16992"
},
{
"name": "14977",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14977"
},
{
"name": "19607",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/19607"
},
{
"name": "MDKSA-2005:181",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:181"
},
{
"name": "squid-ntlm-authentication-dos(24282)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24282"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "17050",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17050"
},
{
"name": "RHSA-2006:0052",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0052.html"
},
{
"name": "oval:org.mitre.oval:def:11580",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11580"
},
{
"name": "19532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19532"
},
{
"name": "17177",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17177"
},
{
"name": "19161",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19161"
},
{
"name": "17015",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17015"
},
{
"name": "RHSA-2006:0045",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0045.html"
},
{
"name": "DSA-828",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-828"
},
{
"name": "SUSE-SR:2005:027",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-192-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-192-1/"
},
{
"name": "1014920",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014920"
},
{
"name": "20060401-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "SCOSA-2005.49",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
},
{
"name": "16992",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16992"
},
{
"name": "14977",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14977"
},
{
"name": "19607",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/19607"
},
{
"name": "MDKSA-2005:181",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:181"
},
{
"name": "squid-ntlm-authentication-dos(24282)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24282"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "17050",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17050"
},
{
"name": "RHSA-2006:0052",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0052.html"
},
{
"name": "oval:org.mitre.oval:def:11580",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11580"
},
{
"name": "19532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19532"
},
{
"name": "17177",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17177"
},
{
"name": "19161",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19161"
},
{
"name": "17015",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17015"
},
{
"name": "RHSA-2006:0045",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0045.html"
},
{
"name": "DSA-828",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-828"
},
{
"name": "SUSE-SR:2005:027",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-2917",
"datePublished": "2005-09-30T04:00:00",
"dateReserved": "2005-09-15T00:00:00",
"dateUpdated": "2024-08-07T22:53:29.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1560 (GCVE-0-2007-1560)
Vulnerability from cvelistv5
Published
2007-03-21 18:00
Modified
2024-08-07 12:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200703-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200703-27.xml"
},
{
"name": "ADV-2007-1035",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1035"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.6/changesets/11349.patch"
},
{
"name": "24611",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24611"
},
{
"name": "SUSE-SR:2007:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
},
{
"name": "23085",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23085"
},
{
"name": "24625",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24625"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2007_1.txt"
},
{
"name": "oval:org.mitre.oval:def:10291",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10291"
},
{
"name": "MDKSA-2007:068",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:068"
},
{
"name": "USN-441-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-441-1"
},
{
"name": "1017805",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017805"
},
{
"name": "24662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24662"
},
{
"name": "squid-clientprocessrequest-dos(33124)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33124"
},
{
"name": "24911",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24911"
},
{
"name": "RHSA-2007:0131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0131.html"
},
{
"name": "24614",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24614"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-200703-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200703-27.xml"
},
{
"name": "ADV-2007-1035",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1035"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.6/changesets/11349.patch"
},
{
"name": "24611",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24611"
},
{
"name": "SUSE-SR:2007:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
},
{
"name": "23085",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23085"
},
{
"name": "24625",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24625"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2007_1.txt"
},
{
"name": "oval:org.mitre.oval:def:10291",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10291"
},
{
"name": "MDKSA-2007:068",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:068"
},
{
"name": "USN-441-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-441-1"
},
{
"name": "1017805",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017805"
},
{
"name": "24662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24662"
},
{
"name": "squid-clientprocessrequest-dos(33124)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33124"
},
{
"name": "24911",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24911"
},
{
"name": "RHSA-2007:0131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0131.html"
},
{
"name": "24614",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24614"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2007-1560",
"datePublished": "2007-03-21T18:00:00",
"dateReserved": "2007-03-21T00:00:00",
"dateUpdated": "2024-08-07T12:59:08.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0478 (GCVE-0-2009-0478)
Vulnerability from cvelistv5
Published
2009-02-08 22:00
Modified
2024-08-07 04:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:31:26.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33604",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33604"
},
{
"name": "33731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33731"
},
{
"name": "GLSA-200903-38",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200903-38.xml"
},
{
"name": "20090204 Squid Proxy Cache Denial of Service in request handling",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/500653/100/0/threaded"
},
{
"name": "SUSE-SR:2009:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=484246"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch"
},
{
"name": "1021684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021684"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2009_1.txt"
},
{
"name": "MDVSA-2009:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:034"
},
{
"name": "8021",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/8021"
},
{
"name": "34467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34467"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33604",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33604"
},
{
"name": "33731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33731"
},
{
"name": "GLSA-200903-38",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200903-38.xml"
},
{
"name": "20090204 Squid Proxy Cache Denial of Service in request handling",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/500653/100/0/threaded"
},
{
"name": "SUSE-SR:2009:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=484246"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch"
},
{
"name": "1021684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021684"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2009_1.txt"
},
{
"name": "MDVSA-2009:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:034"
},
{
"name": "8021",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/8021"
},
{
"name": "34467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34467"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33604"
},
{
"name": "33731",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33731"
},
{
"name": "GLSA-200903-38",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200903-38.xml"
},
{
"name": "20090204 Squid Proxy Cache Denial of Service in request handling",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500653/100/0/threaded"
},
{
"name": "SUSE-SR:2009:005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=484246",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=484246"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch"
},
{
"name": "1021684",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021684"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2009_1.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2009_1.txt"
},
{
"name": "MDVSA-2009:034",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:034"
},
{
"name": "8021",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8021"
},
{
"name": "34467",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34467"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0478",
"datePublished": "2009-02-08T22:00:00",
"dateReserved": "2009-02-08T00:00:00",
"dateUpdated": "2024-08-07T04:31:26.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0241 (GCVE-0-2005-0241)
Vulnerability from cvelistv5
Published
2005-02-08 05:00
Modified
2024-08-07 21:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:25.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14091",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14091"
},
{
"name": "VU#823350",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/823350"
},
{
"name": "12412",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12412"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1216"
},
{
"name": "oval:org.mitre.oval:def:10998",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10998"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "squid-http-cache-poisoning(19060)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19060"
},
{
"name": "CLA-2005:931",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling \"oversized\" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "14091",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14091"
},
{
"name": "VU#823350",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/823350"
},
{
"name": "12412",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12412"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1216"
},
{
"name": "oval:org.mitre.oval:def:10998",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10998"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "squid-http-cache-poisoning(19060)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19060"
},
{
"name": "CLA-2005:931",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-0241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling \"oversized\" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14091",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14091"
},
{
"name": "VU#823350",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/823350"
},
{
"name": "12412",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12412"
},
{
"name": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1216",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1216"
},
{
"name": "oval:org.mitre.oval:def:10998",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10998"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "RHSA-2005:061",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "squid-http-cache-poisoning(19060)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19060"
},
{
"name": "CLA-2005:931",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers"
},
{
"name": "SUSE-SA:2005:006",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2005-0241",
"datePublished": "2005-02-08T05:00:00",
"dateReserved": "2005-02-08T00:00:00",
"dateUpdated": "2024-08-07T21:05:25.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0832 (GCVE-0-2004-0832)
Vulnerability from cvelistv5
Published
2004-09-28 04:00
Modified
2024-08-08 00:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:47.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www1.uk.squid-cache.org/squid/Versions/v2/2.5/bugs/#squid-2.5.STABLE6-ntlm_fetch_string"
},
{
"name": "11098",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11098"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1045"
},
{
"name": "GLSA-200409-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-04.xml"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "2004-0047",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2004/0047/"
},
{
"name": "oval:org.mitre.oval:def:10489",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10489"
},
{
"name": "squid-ntlmssp-dos(17218)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17218"
},
{
"name": "MDKSA-2004:093",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:093"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www1.uk.squid-cache.org/squid/Versions/v2/2.5/bugs/#squid-2.5.STABLE6-ntlm_fetch_string"
},
{
"name": "11098",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11098"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1045"
},
{
"name": "GLSA-200409-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-04.xml"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "2004-0047",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2004/0047/"
},
{
"name": "oval:org.mitre.oval:def:10489",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10489"
},
{
"name": "squid-ntlmssp-dos(17218)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17218"
},
{
"name": "MDKSA-2004:093",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:093"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www1.uk.squid-cache.org/squid/Versions/v2/2.5/bugs/#squid-2.5.STABLE6-ntlm_fetch_string",
"refsource": "CONFIRM",
"url": "http://www1.uk.squid-cache.org/squid/Versions/v2/2.5/bugs/#squid-2.5.STABLE6-ntlm_fetch_string"
},
{
"name": "11098",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11098"
},
{
"name": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1045",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1045"
},
{
"name": "GLSA-200409-04",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-04.xml"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "2004-0047",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2004/0047/"
},
{
"name": "oval:org.mitre.oval:def:10489",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10489"
},
{
"name": "squid-ntlmssp-dos(17218)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17218"
},
{
"name": "MDKSA-2004:093",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:093"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0832",
"datePublished": "2004-09-28T04:00:00",
"dateReserved": "2004-09-08T00:00:00",
"dateUpdated": "2024-08-08T00:31:47.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0175 (GCVE-0-2005-0175)
Vulnerability from cvelistv5
Published
2005-02-06 05:00
Modified
2024-08-07 21:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:25.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting"
},
{
"name": "FEDORA-2005-373",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_5.txt"
},
{
"name": "VU#625878",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/625878"
},
{
"name": "oval:org.mitre.oval:def:11605",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11605"
},
{
"name": "12433",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12433"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "CLA-2005:931",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "MDKSA-2005:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"name": "DSA-667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"name": "20050207 [USN-77-1] Squid vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting"
},
{
"name": "FEDORA-2005-373",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_5.txt"
},
{
"name": "VU#625878",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/625878"
},
{
"name": "oval:org.mitre.oval:def:11605",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11605"
},
{
"name": "12433",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12433"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "CLA-2005:931",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "MDKSA-2005:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"name": "DSA-667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"name": "20050207 [USN-77-1] Squid vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting"
},
{
"name": "FEDORA-2005-373",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2005_5.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_5.txt"
},
{
"name": "VU#625878",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/625878"
},
{
"name": "oval:org.mitre.oval:def:11605",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11605"
},
{
"name": "12433",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12433"
},
{
"name": "RHSA-2005:061",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "CLA-2005:931",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "MDKSA-2005:034",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"name": "DSA-667",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"name": "20050207 [USN-77-1] Squid vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"name": "SUSE-SA:2005:006",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0175",
"datePublished": "2005-02-06T05:00:00",
"dateReserved": "2005-01-27T00:00:00",
"dateUpdated": "2024-08-07T21:05:25.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1519 (GCVE-0-2005-1519)
Vulnerability from cvelistv5
Published
2005-05-11 04:00
Modified
2024-08-07 21:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:50.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "13592",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13592"
},
{
"name": "oval:org.mitre.oval:def:9976",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9976"
},
{
"name": "FEDORA-2005-373",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"name": "15294",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15294"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "DSA-751",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-751"
},
{
"name": "RHSA-2005:489",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-489.html"
},
{
"name": "ADV-2005-0521",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/0521"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "13592",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13592"
},
{
"name": "oval:org.mitre.oval:def:9976",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9976"
},
{
"name": "FEDORA-2005-373",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"name": "15294",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15294"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "DSA-751",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-751"
},
{
"name": "RHSA-2005:489",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-489.html"
},
{
"name": "ADV-2005-0521",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/0521"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-1519",
"datePublished": "2005-05-11T04:00:00",
"dateReserved": "2005-05-11T00:00:00",
"dateUpdated": "2024-08-07T21:51:50.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2794 (GCVE-0-2005-2794)
Vulnerability from cvelistv5
Published
2005-09-07 04:00
Modified
2024-08-07 22:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:45:02.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:10276",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10276"
},
{
"name": "MDKSA-2005:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:162"
},
{
"name": "14761",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14761"
},
{
"name": "DSA-809",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-809"
},
{
"name": "SUSE-SA:2005:053",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_53_squid.html"
},
{
"name": "SUSE-SR:2005:021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_21_sr.html"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "GLSA-200509-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING"
},
{
"name": "RHSA-2005:766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-766.html"
},
{
"name": "17027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17027"
},
{
"name": "16977",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16977"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "oval:org.mitre.oval:def:10276",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10276"
},
{
"name": "MDKSA-2005:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:162"
},
{
"name": "14761",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14761"
},
{
"name": "DSA-809",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-809"
},
{
"name": "SUSE-SA:2005:053",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_53_squid.html"
},
{
"name": "SUSE-SR:2005:021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_21_sr.html"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "GLSA-200509-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING"
},
{
"name": "RHSA-2005:766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-766.html"
},
{
"name": "17027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17027"
},
{
"name": "16977",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16977"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-2794",
"datePublished": "2005-09-07T04:00:00",
"dateReserved": "2005-09-06T00:00:00",
"dateUpdated": "2024-08-07T22:45:02.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0189 (GCVE-0-2004-0189)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 00:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SCOSA-2005.16",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"
},
{
"name": "20040404-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2004_1.txt"
},
{
"name": "squid-urlregex-acl-bypass(15366)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15366"
},
{
"name": "DSA-474",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-474"
},
{
"name": "oval:org.mitre.oval:def:877",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A877"
},
{
"name": "9778",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9778"
},
{
"name": "MDKSA-2004:025",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025"
},
{
"name": "oval:org.mitre.oval:def:941",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A941"
},
{
"name": "RHSA-2004:133",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-133.html"
},
{
"name": "RHSA-2004:134",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-134.html"
},
{
"name": "20040401 [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108084935904110\u0026w=2"
},
{
"name": "GLSA-200403-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200403-11.xml"
},
{
"name": "CLA-2004:838",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000838"
},
{
"name": "5916",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5916"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The \"%xx\" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL (\"%00\") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-09-15T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SCOSA-2005.16",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"
},
{
"name": "20040404-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2004_1.txt"
},
{
"name": "squid-urlregex-acl-bypass(15366)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15366"
},
{
"name": "DSA-474",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-474"
},
{
"name": "oval:org.mitre.oval:def:877",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A877"
},
{
"name": "9778",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9778"
},
{
"name": "MDKSA-2004:025",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025"
},
{
"name": "oval:org.mitre.oval:def:941",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A941"
},
{
"name": "RHSA-2004:133",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-133.html"
},
{
"name": "RHSA-2004:134",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-134.html"
},
{
"name": "20040401 [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108084935904110\u0026w=2"
},
{
"name": "GLSA-200403-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200403-11.xml"
},
{
"name": "CLA-2004:838",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000838"
},
{
"name": "5916",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5916"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0189",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"%xx\" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL (\"%00\") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SCOSA-2005.16",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"
},
{
"name": "20040404-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2004_1.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2004_1.txt"
},
{
"name": "squid-urlregex-acl-bypass(15366)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15366"
},
{
"name": "DSA-474",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-474"
},
{
"name": "oval:org.mitre.oval:def:877",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A877"
},
{
"name": "9778",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9778"
},
{
"name": "MDKSA-2004:025",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025"
},
{
"name": "oval:org.mitre.oval:def:941",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A941"
},
{
"name": "RHSA-2004:133",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-133.html"
},
{
"name": "RHSA-2004:134",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-134.html"
},
{
"name": "20040401 [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108084935904110\u0026w=2"
},
{
"name": "GLSA-200403-11",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200403-11.xml"
},
{
"name": "CLA-2004:838",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000838"
},
{
"name": "5916",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5916"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0189",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2004-03-03T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0446 (GCVE-0-2005-0446)
Vulnerability from cvelistv5
Published
2005-02-15 05:00
Modified
2024-08-07 21:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:54.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050221 [USN-84-1] Squid vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110901183320453\u0026w=2"
},
{
"name": "GLSA-200502-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-25.xml"
},
{
"name": "14271",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14271"
},
{
"name": "squid-xstrndup-dos(19332)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19332"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE8-dns_assert.patch"
},
{
"name": "RHSA-2005:201",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-201.html"
},
{
"name": "12551",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12551"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "DSA-688",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-688"
},
{
"name": "RHSA-2005:173",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-173.html"
},
{
"name": "oval:org.mitre.oval:def:11264",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11264"
},
{
"name": "CLA-2005:931",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "MDKSA-2005:047",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:047"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050221 [USN-84-1] Squid vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110901183320453\u0026w=2"
},
{
"name": "GLSA-200502-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-25.xml"
},
{
"name": "14271",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14271"
},
{
"name": "squid-xstrndup-dos(19332)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19332"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE8-dns_assert.patch"
},
{
"name": "RHSA-2005:201",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-201.html"
},
{
"name": "12551",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12551"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "DSA-688",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-688"
},
{
"name": "RHSA-2005:173",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-173.html"
},
{
"name": "oval:org.mitre.oval:def:11264",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11264"
},
{
"name": "CLA-2005:931",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "MDKSA-2005:047",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:047"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0446",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050221 [USN-84-1] Squid vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110901183320453\u0026w=2"
},
{
"name": "GLSA-200502-25",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-25.xml"
},
{
"name": "14271",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14271"
},
{
"name": "squid-xstrndup-dos(19332)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19332"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE8-dns_assert.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE8-dns_assert.patch"
},
{
"name": "RHSA-2005:201",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-201.html"
},
{
"name": "12551",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12551"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "DSA-688",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-688"
},
{
"name": "RHSA-2005:173",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-173.html"
},
{
"name": "oval:org.mitre.oval:def:11264",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11264"
},
{
"name": "CLA-2005:931",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "MDKSA-2005:047",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:047"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0446",
"datePublished": "2005-02-15T05:00:00",
"dateReserved": "2005-02-16T00:00:00",
"dateUpdated": "2024-08-07T21:13:54.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0918 (GCVE-0-2004-0918)
Vulnerability from cvelistv5
Published
2004-10-21 04:00
Modified
2024-08-08 00:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:48.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "11385",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11385"
},
{
"name": "SCOSA-2005.16",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"
},
{
"name": "RHSA-2004:591",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-591.html"
},
{
"name": "20041011 Squid Web Proxy Cache Remote Denial of Service Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=152\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2004_3.txt"
},
{
"name": "oval:org.mitre.oval:def:10931",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10931"
},
{
"name": "ADV-2008-1969",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1969/references"
},
{
"name": "30967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30967"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "SUSE-SR:2008:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"name": "FEDORA-2008-6045",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00122.html"
},
{
"name": "OpenPKG-SA-2004.048",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109913064629327\u0026w=2"
},
{
"name": "squid-snmp-asnparseheader-dos(17688)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17688"
},
{
"name": "30914",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30914"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2008_1.txt"
},
{
"name": "GLSA-200410-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-15.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "11385",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11385"
},
{
"name": "SCOSA-2005.16",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"
},
{
"name": "RHSA-2004:591",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-591.html"
},
{
"name": "20041011 Squid Web Proxy Cache Remote Denial of Service Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=152\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2004_3.txt"
},
{
"name": "oval:org.mitre.oval:def:10931",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10931"
},
{
"name": "ADV-2008-1969",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1969/references"
},
{
"name": "30967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30967"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "SUSE-SR:2008:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"name": "FEDORA-2008-6045",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00122.html"
},
{
"name": "OpenPKG-SA-2004.048",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109913064629327\u0026w=2"
},
{
"name": "squid-snmp-asnparseheader-dos(17688)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17688"
},
{
"name": "30914",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30914"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2008_1.txt"
},
{
"name": "GLSA-200410-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-15.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2005:923",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "11385",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11385"
},
{
"name": "SCOSA-2005.16",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"
},
{
"name": "RHSA-2004:591",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-591.html"
},
{
"name": "20041011 Squid Web Proxy Cache Remote Denial of Service Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=152\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2004_3.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2004_3.txt"
},
{
"name": "oval:org.mitre.oval:def:10931",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10931"
},
{
"name": "ADV-2008-1969",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1969/references"
},
{
"name": "30967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30967"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "SUSE-SR:2008:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"name": "FEDORA-2008-6045",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00122.html"
},
{
"name": "OpenPKG-SA-2004.048",
"refsource": "OPENPKG",
"url": "http://marc.info/?l=bugtraq\u0026m=109913064629327\u0026w=2"
},
{
"name": "squid-snmp-asnparseheader-dos(17688)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17688"
},
{
"name": "30914",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30914"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2008_1.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2008_1.txt"
},
{
"name": "GLSA-200410-15",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-15.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0918",
"datePublished": "2004-10-21T04:00:00",
"dateReserved": "2004-09-27T00:00:00",
"dateUpdated": "2024-08-08T00:31:48.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0094 (GCVE-0-2005-0094)
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-07 20:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:40.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "oval:org.mitre.oval:def:11146",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11146"
},
{
"name": "2005-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_1.txt"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "12276",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12276"
},
{
"name": "GLSA-200501-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "DSA-651",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-651"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "MDKSA-2005:014",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:014"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "13825",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13825"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-gopher_html_parsing.patch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2005:923",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "oval:org.mitre.oval:def:11146",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11146"
},
{
"name": "2005-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_1.txt"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "12276",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12276"
},
{
"name": "GLSA-200501-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "DSA-651",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-651"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "MDKSA-2005:014",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:014"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "13825",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13825"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-gopher_html_parsing.patch"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2005:923",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000923"
},
{
"name": "oval:org.mitre.oval:def:11146",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11146"
},
{
"name": "2005-0003",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2005_1.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2005_1.txt"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "12276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12276"
},
{
"name": "GLSA-200501-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "DSA-651",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-651"
},
{
"name": "RHSA-2005:061",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "MDKSA-2005:014",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:014"
},
{
"name": "SUSE-SA:2005:006",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "13825",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13825"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-gopher_html_parsing.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-gopher_html_parsing.patch"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0094",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-18T00:00:00",
"dateUpdated": "2024-08-07T20:57:40.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2654 (GCVE-0-2004-2654)
Vulnerability from cvelistv5
Published
2006-02-24 11:00
Modified
2024-08-08 01:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor's bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:24.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=972"
},
{
"name": "1011214",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011214"
},
{
"name": "9801",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9801"
},
{
"name": "20060223 old Squid clientAbortBody issue - NOT an overflow?",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2006-February/000570.html"
},
{
"name": "12754",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12754"
},
{
"name": "12508",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12508"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securitylab.ru/47881.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor\u0027s bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-01-10T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=972"
},
{
"name": "1011214",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011214"
},
{
"name": "9801",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9801"
},
{
"name": "20060223 old Squid clientAbortBody issue - NOT an overflow?",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2006-February/000570.html"
},
{
"name": "12754",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12754"
},
{
"name": "12508",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12508"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securitylab.ru/47881.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor\u0027s bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/bugs/show_bug.cgi?id=972",
"refsource": "MISC",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=972"
},
{
"name": "1011214",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011214"
},
{
"name": "9801",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9801"
},
{
"name": "20060223 old Squid clientAbortBody issue - NOT an overflow?",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-February/000570.html"
},
{
"name": "12754",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12754"
},
{
"name": "12508",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12508"
},
{
"name": "http://www.securitylab.ru/47881.html",
"refsource": "MISC",
"url": "http://www.securitylab.ru/47881.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2654",
"datePublished": "2006-02-24T11:00:00",
"dateReserved": "2006-02-24T00:00:00",
"dateUpdated": "2024-08-08T01:36:24.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0248 (GCVE-0-2007-0248)
Vulnerability from cvelistv5
Published
2007-01-16 18:00
Modified
2024-08-07 12:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:12:17.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12"
},
{
"name": "22203",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22203"
},
{
"name": "23921",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23921"
},
{
"name": "23946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23946"
},
{
"name": "ADV-2007-0199",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0199"
},
{
"name": "GLSA-200701-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml"
},
{
"name": "SUSE-SA:2007:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_12_squid.html"
},
{
"name": "MDKSA-2007:026",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:026"
},
{
"name": "squid-externalacl-dos(31525)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31525"
},
{
"name": "USN-414-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-414-1"
},
{
"name": "23805",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23805"
},
{
"name": "23767",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23767"
},
{
"name": "23889",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23889"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1848"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12"
},
{
"name": "22203",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22203"
},
{
"name": "23921",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23921"
},
{
"name": "23946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23946"
},
{
"name": "ADV-2007-0199",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0199"
},
{
"name": "GLSA-200701-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml"
},
{
"name": "SUSE-SA:2007:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_12_squid.html"
},
{
"name": "MDKSA-2007:026",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:026"
},
{
"name": "squid-externalacl-dos(31525)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31525"
},
{
"name": "USN-414-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-414-1"
},
{
"name": "23805",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23805"
},
{
"name": "23767",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23767"
},
{
"name": "23889",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23889"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1848"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12"
},
{
"name": "22203",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22203"
},
{
"name": "23921",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23921"
},
{
"name": "23946",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23946"
},
{
"name": "ADV-2007-0199",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0199"
},
{
"name": "GLSA-200701-22",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml"
},
{
"name": "SUSE-SA:2007:012",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_12_squid.html"
},
{
"name": "MDKSA-2007:026",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:026"
},
{
"name": "squid-externalacl-dos(31525)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31525"
},
{
"name": "USN-414-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-414-1"
},
{
"name": "23805",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23805"
},
{
"name": "23767",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23767"
},
{
"name": "23889",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23889"
},
{
"name": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1848",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1848"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0248",
"datePublished": "2007-01-16T18:00:00",
"dateReserved": "2007-01-16T00:00:00",
"dateUpdated": "2024-08-07T12:12:17.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3258 (GCVE-0-2005-3258)
Vulnerability from cvelistv5
Published
2005-10-20 04:00
Modified
2024-08-07 23:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain "odd" responses.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:59.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17626",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17626"
},
{
"name": "1015085",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015085"
},
{
"name": "17287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17287"
},
{
"name": "17513",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17513"
},
{
"name": "17338",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17338"
},
{
"name": "17645",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17645"
},
{
"name": "17271",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17271"
},
{
"name": "ADV-2005-2151",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2151"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE11-rfc1738_do_escape"
},
{
"name": "SUSE-SR:2005:027",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
},
{
"name": "17407",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17407"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain \"odd\" responses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-04T13:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "17626",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17626"
},
{
"name": "1015085",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015085"
},
{
"name": "17287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17287"
},
{
"name": "17513",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17513"
},
{
"name": "17338",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17338"
},
{
"name": "17645",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17645"
},
{
"name": "17271",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17271"
},
{
"name": "ADV-2005-2151",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2151"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE11-rfc1738_do_escape"
},
{
"name": "SUSE-SR:2005:027",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
},
{
"name": "17407",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17407"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-3258",
"datePublished": "2005-10-20T04:00:00",
"dateReserved": "2005-10-19T00:00:00",
"dateUpdated": "2024-08-07T23:01:59.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0174 (GCVE-0-2005-0174)
Vulnerability from cvelistv5
Published
2005-02-06 05:00
Modified
2024-08-07 21:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:25.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2005-373",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing"
},
{
"name": "12412",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12412"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "VU#768702",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/768702"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www3.br.squid-cache.org/Advisories/SQUID-2005_4.txt"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "CLA-2005:931",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "oval:org.mitre.oval:def:10656",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10656"
},
{
"name": "MDKSA-2005:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"name": "20050207 [USN-77-1] Squid vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2005-373",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing"
},
{
"name": "12412",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12412"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "VU#768702",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/768702"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www3.br.squid-cache.org/Advisories/SQUID-2005_4.txt"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "CLA-2005:931",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "oval:org.mitre.oval:def:10656",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10656"
},
{
"name": "MDKSA-2005:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"name": "20050207 [USN-77-1] Squid vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0174",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2005-373",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing"
},
{
"name": "12412",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12412"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "VU#768702",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/768702"
},
{
"name": "http://www3.br.squid-cache.org/Advisories/SQUID-2005_4.txt",
"refsource": "CONFIRM",
"url": "http://www3.br.squid-cache.org/Advisories/SQUID-2005_4.txt"
},
{
"name": "RHSA-2005:061",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "CLA-2005:931",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "oval:org.mitre.oval:def:10656",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10656"
},
{
"name": "MDKSA-2005:034",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"name": "20050207 [USN-77-1] Squid vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"name": "SUSE-SA:2005:006",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0174",
"datePublished": "2005-02-06T05:00:00",
"dateReserved": "2005-01-27T00:00:00",
"dateUpdated": "2024-08-07T21:05:25.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0247 (GCVE-0-2007-0247)
Vulnerability from cvelistv5
Published
2007-01-16 18:00
Modified
2024-08-07 12:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:12:17.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1857"
},
{
"name": "23921",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23921"
},
{
"name": "23946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23946"
},
{
"name": "22079",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22079"
},
{
"name": "ADV-2007-0199",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0199"
},
{
"name": "GLSA-200701-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml"
},
{
"name": "23810",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23810"
},
{
"name": "SUSE-SA:2007:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_12_squid.html"
},
{
"name": "MDKSA-2007:026",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:026"
},
{
"name": "2007-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2007/0003/"
},
{
"name": "USN-414-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-414-1"
},
{
"name": "23837",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23837"
},
{
"name": "23805",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23805"
},
{
"name": "23767",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23767"
},
{
"name": "39839",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39839"
},
{
"name": "FEDORA-2007-092",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/cms/node/2442"
},
{
"name": "23889",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23889"
},
{
"name": "squid-multiple-dos(31523)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31523"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1857"
},
{
"name": "23921",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23921"
},
{
"name": "23946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23946"
},
{
"name": "22079",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22079"
},
{
"name": "ADV-2007-0199",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0199"
},
{
"name": "GLSA-200701-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml"
},
{
"name": "23810",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23810"
},
{
"name": "SUSE-SA:2007:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_12_squid.html"
},
{
"name": "MDKSA-2007:026",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:026"
},
{
"name": "2007-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2007/0003/"
},
{
"name": "USN-414-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-414-1"
},
{
"name": "23837",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23837"
},
{
"name": "23805",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23805"
},
{
"name": "23767",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23767"
},
{
"name": "39839",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39839"
},
{
"name": "FEDORA-2007-092",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/cms/node/2442"
},
{
"name": "23889",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23889"
},
{
"name": "squid-multiple-dos(31523)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31523"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12"
},
{
"name": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1857",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1857"
},
{
"name": "23921",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23921"
},
{
"name": "23946",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23946"
},
{
"name": "22079",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22079"
},
{
"name": "ADV-2007-0199",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0199"
},
{
"name": "GLSA-200701-22",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml"
},
{
"name": "23810",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23810"
},
{
"name": "SUSE-SA:2007:012",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_12_squid.html"
},
{
"name": "MDKSA-2007:026",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:026"
},
{
"name": "2007-0003",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0003/"
},
{
"name": "USN-414-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-414-1"
},
{
"name": "23837",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23837"
},
{
"name": "23805",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23805"
},
{
"name": "23767",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23767"
},
{
"name": "39839",
"refsource": "OSVDB",
"url": "http://osvdb.org/39839"
},
{
"name": "FEDORA-2007-092",
"refsource": "FEDORA",
"url": "http://fedoranews.org/cms/node/2442"
},
{
"name": "23889",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23889"
},
{
"name": "squid-multiple-dos(31523)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31523"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0247",
"datePublished": "2007-01-16T18:00:00",
"dateReserved": "2007-01-16T00:00:00",
"dateUpdated": "2024-08-07T12:12:17.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0718 (GCVE-0-2005-0718)
Vulnerability from cvelistv5
Published
2005-03-12 05:00
Modified
2024-08-07 21:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:21:06.764Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1224"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post"
},
{
"name": "oval:org.mitre.oval:def:11562",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11562"
},
{
"name": "squid-put-post-dos(19919)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19919"
},
{
"name": "13166",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13166"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "12508",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12508"
},
{
"name": "RHSA-2005:489",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-489.html"
},
{
"name": "USN-111-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/111-1/"
},
{
"name": "CLA-2005:931",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "RHSA-2005:415",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1224"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post"
},
{
"name": "oval:org.mitre.oval:def:11562",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11562"
},
{
"name": "squid-put-post-dos(19919)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19919"
},
{
"name": "13166",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13166"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "12508",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12508"
},
{
"name": "RHSA-2005:489",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-489.html"
},
{
"name": "USN-111-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/111-1/"
},
{
"name": "CLA-2005:931",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "RHSA-2005:415",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1224",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1224"
},
{
"name": "http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post",
"refsource": "CONFIRM",
"url": "http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post"
},
{
"name": "oval:org.mitre.oval:def:11562",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11562"
},
{
"name": "squid-put-post-dos(19919)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19919"
},
{
"name": "13166",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13166"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "12508",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12508"
},
{
"name": "RHSA-2005:489",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-489.html"
},
{
"name": "USN-111-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/111-1/"
},
{
"name": "CLA-2005:931",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
},
{
"name": "RHSA-2005:415",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0718",
"datePublished": "2005-03-12T05:00:00",
"dateReserved": "2005-03-12T00:00:00",
"dateUpdated": "2024-08-07T21:21:06.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1711 (GCVE-0-2005-1711)
Vulnerability from cvelistv5
Published
2005-05-24 04:00
Modified
2024-09-16 17:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:59:24.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1014030",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014030"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-05-24T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1014030",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014030"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014030",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014030"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1711",
"datePublished": "2005-05-24T04:00:00Z",
"dateReserved": "2005-05-24T00:00:00Z",
"dateUpdated": "2024-09-16T17:33:14.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0715 (GCVE-0-2002-0715)
Vulnerability from cvelistv5
Published
2002-07-23 04:00
Modified
2024-08-08 02:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.734Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020715 TSLSA-2002-0062 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"name": "CSSA-2002-046.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "RHSA-2002:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name": "RHSA-2002:130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name": "MDKSA-2002:044",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"name": "squid-auth-header-forwarding(9478)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9478.php"
},
{
"name": "5154",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5154"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user\u0027s proxy login and password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020715 TSLSA-2002-0062 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"name": "CSSA-2002-046.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "RHSA-2002:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name": "RHSA-2002:130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name": "MDKSA-2002:044",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"name": "squid-auth-header-forwarding(9478)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9478.php"
},
{
"name": "5154",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5154"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user\u0027s proxy login and password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020715 TSLSA-2002-0062 - squid",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"name": "CSSA-2002-046.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.4/bugs/",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "RHSA-2002:051",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name": "RHSA-2002:130",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name": "MDKSA-2002:044",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"name": "squid-auth-header-forwarding(9478)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9478.php"
},
{
"name": "5154",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5154"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0715",
"datePublished": "2002-07-23T04:00:00",
"dateReserved": "2002-07-20T00:00:00",
"dateUpdated": "2024-08-08T02:56:38.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0163 (GCVE-0-2002-0163)
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:42:27.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2002:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"name": "MDKSA-2002:027",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-027.php"
},
{
"name": "CSSA-2002-017.1",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-017.1.txt"
},
{
"name": "20020326 updated squid advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101716495023226\u0026w=2"
},
{
"name": "squid-dns-reply-dos(8628)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8628.php"
},
{
"name": "4363",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4363"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_2.txt"
},
{
"name": "FreeBSD-SA-02:19",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:19.squid.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-20T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2002:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"name": "MDKSA-2002:027",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-027.php"
},
{
"name": "CSSA-2002-017.1",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-017.1.txt"
},
{
"name": "20020326 updated squid advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101716495023226\u0026w=2"
},
{
"name": "squid-dns-reply-dos(8628)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8628.php"
},
{
"name": "4363",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4363"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_2.txt"
},
{
"name": "FreeBSD-SA-02:19",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:19.squid.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2002:051",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"name": "MDKSA-2002:027",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-027.php"
},
{
"name": "CSSA-2002-017.1",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-017.1.txt"
},
{
"name": "20020326 updated squid advisory",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101716495023226\u0026w=2"
},
{
"name": "squid-dns-reply-dos(8628)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8628.php"
},
{
"name": "4363",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4363"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2002_2.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_2.txt"
},
{
"name": "FreeBSD-SA-02:19",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:19.squid.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0163",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-03-28T00:00:00",
"dateUpdated": "2024-08-08T02:42:27.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}