Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2009-2621
Last Modified: 12 Aug 2009 01:30:32
Published: 28 Jul 2009 01:30:01
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2009-2621

Summary

Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc.

Vulnerable Systems

Application

  • Squid-cache Squid 3.0

  • Squid-cache Squid 3.1

  • Squid-cache Squid 3.1.0.1

  • Squid-cache Squid 3.1.0.2

  • Squid-cache Squid 3.1.0.3

  • Squid-cache Squid 3.1.0.4


References

CONFIRM - http://www.squid-cache.org/Versions/v3/3.1/changesets/b9654.patch

VUPEN - ADV-2009-2013

CONFIRM - http://www.squid-cache.org/Advisories/SQUID-2009_2.txt

SECTRACK - 1022607

BID - 35812

MANDRIVA - MDVSA-2009:178

MANDRIVA - MDVSA-2009:161

SECUNIA - 36007


Last Updated: 27 May 2016 10:50:58