Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2009-2622
Last Modified: 12 Aug 2009 01:30:32
Published: 28 Jul 2009 01:30:01
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2009-2622

Summary

Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) "missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc.

Vulnerable Systems

Application

  • Squid-cache Squid 3.0

  • Squid-cache Squid 3.1

  • Squid-cache Squid 3.1.0.1

  • Squid-cache Squid 3.1.0.2

  • Squid-cache Squid 3.1.0.3

  • Squid-cache Squid 3.1.0.4


References

CONFIRM - http://www.squid-cache.org/Versions/v3/3.1/changesets/b9661.patch

VUPEN - ADV-2009-2013

CONFIRM - http://www.squid-cache.org/Advisories/SQUID-2009_2.txt

SECTRACK - 1022607

BID - 35812

MANDRIVA - MDVSA-2009:178

MANDRIVA - MDVSA-2009:161

SECUNIA - 36007


Last Updated: 27 May 2016 10:50:58