116 vulnerabilities found for squid by squid

VAR-201109-0081

Vulnerability from variot - Updated: 2025-12-22 23:57

Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression.

Squid is a proxy server and web cache server. Squid is flawed in parsing responses from the Gopher server. If the Gopher server returns more than 4096 bytes, it can trigger a buffer overflow. This overflow corrupts memory and generally causes Squid to crash. A malicious user must set up a fake Gopher server and forward the request through Squid. Successful exploitation of the vulnerability allows arbitrary code to be executed in the server context. Squid Proxy is prone to a remote buffer-overflow vulnerability that affects the Gopher-to-HTML functionality. Failed exploit attempts will result in a denial-of-service condition.


Debian Security Advisory DSA-2304-1    security@debian.org
http://www.debian.org/security/        Nico Golde
Sep 11, 2011                           http://www.debian.org/security/faq

Package        : squid3
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
Debian bug     : 639755
CVE IDs        : CVE-2011-3205

Ben Hawkes discovered that squid3, a full featured Web Proxy cache (HTTP proxy), is vulnerable to a buffer overflow when processing gopher server replies.

For the oldstable distribution (lenny), this problem has been fixed in version 3.0.STABLE8-3+lenny5.

For the stable distribution (squeeze), this problem has been fixed in version 3.1.6-1.2+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in version 3.1.15-1.

For the unstable distribution (sid), this problem has been fixed in version 3.1.15-1.

We recommend that you upgrade your squid3 packages.

=====================================================================
Red Hat Security Advisory

Synopsis:     Moderate: squid security update
Advisory ID:  RHSA-2011:1293-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1293.html
Issue date:   2011-09-14
CVE Names:    CVE-2011-3205
=====================================================================

  1. Summary:

An updated squid package that fixes one security issue is now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

  2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

  3. Description:

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. (CVE-2011-3205)

Users of squid should upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the squid service will be restarted automatically.

  4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

  5. Package List:

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/squid-3.1.10-1.el6_1.1.src.rpm

i386:
squid-3.1.10-1.el6_1.1.i686.rpm
squid-debuginfo-3.1.10-1.el6_1.1.i686.rpm

ppc64:
squid-3.1.10-1.el6_1.1.ppc64.rpm
squid-debuginfo-3.1.10-1.el6_1.1.ppc64.rpm

s390x:
squid-3.1.10-1.el6_1.1.s390x.rpm
squid-debuginfo-3.1.10-1.el6_1.1.s390x.rpm

x86_64:
squid-3.1.10-1.el6_1.1.x86_64.rpm
squid-debuginfo-3.1.10-1.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/squid-3.1.10-1.el6_1.1.src.rpm

i386:
squid-3.1.10-1.el6_1.1.i686.rpm
squid-debuginfo-3.1.10-1.el6_1.1.i686.rpm

x86_64:
squid-3.1.10-1.el6_1.1.x86_64.rpm
squid-debuginfo-3.1.10-1.el6_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

  6. References:

https://www.redhat.com/security/data/cve/CVE-2011-3205.html
https://access.redhat.com/security/updates/classification/#moderate

  7. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

TITLE: Squid Gopher Response Processing Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA45805

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45805/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45805

RELEASE DATE: 2011-08-30

DESCRIPTION: A vulnerability has been reported in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

The vulnerability is caused due to a boundary error when processing Gopher responses and can be exploited to cause a buffer overflow via an overly long string.

This is related to vulnerability #2 in: SA13825

The vulnerability is reported in versions 3.0.x prior to 3.0.STABLE25 and 3.1.x prior to 3.1.14.

SOLUTION: Update to version 3.0.STABLE26 or 3.1.15.

PROVIDED AND/OR DISCOVERED BY: The vendor credits Ben Hawkes, Google Security Team.

ORIGINAL ADVISORY: http://www.squid-cache.org/Advisories/SQUID-2011_3.txt

This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

For more information: SA45805

SOLUTION: Apply updated packages via the apt-get package manager.

Gentoo Linux Security Advisory GLSA 201110-24
http://security.gentoo.org/

Severity: High
Title: Squid: Multiple vulnerabilities
Date: October 26, 2011
Bugs: #279379, #279380, #301828, #334263, #381065, #386215
ID: 201110-24


Synopsis

Multiple vulnerabilities were found in Squid allowing attackers to execute arbitrary code or cause a Denial of Service.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

  1  net-proxy/squid          < 3.1.15                    >= 3.1.15

Description

Multiple vulnerabilities have been discovered in Squid. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All squid users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-proxy/squid-3.1.15"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 4, 2011. It is likely that your system is already no longer affected by this issue.

References

[ 1 ] CVE-2009-2621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2621
[ 2 ] CVE-2009-2622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2622
[ 3 ] CVE-2009-2855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2855
[ 4 ] CVE-2010-0308 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0308
[ 5 ] CVE-2010-0639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0639
[ 6 ] CVE-2010-2951 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2951
[ 7 ] CVE-2010-3072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3072
[ 8 ] CVE-2011-3205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3205

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201110-24.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201109-0081",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "squid cache",
        "version": "3.1.3"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "squid cache",
        "version": "3.1.5.1"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "squid cache",
        "version": "3.1.6"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "squid cache",
        "version": "3.1.4"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "squid cache",
        "version": "3.1.0.9"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "squid cache",
        "version": "3.1.7"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "squid cache",
        "version": "3.1.5"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "squid cache",
        "version": "3.0.stable3"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "squid cache",
        "version": "3.0.stable2"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "squid cache",
        "version": "3.1.0.5"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "squid cache",
        "version": "3.1.0.11"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "squid cache",
        "version": "3.1.0.14"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "squid cache",
        "version": "3.1.0.6"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "squid cache",
        "version": "3.1.0.2"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "squid cache",
        "version": "3.1.0.16"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "squid cache",
        "version": "3.1.2"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "squid cache",
        "version": "3.1.0.10"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "squid cache",
        "version": "3.1.1"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "squid cache",
        "version": "3.1.0.17"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "squid cache",
        "version": "3.1.0.18"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "squid cache",
        "version": "3.1.0.1"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "squid cache",
        "version": "3.1.0.12"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "squid cache",
        "version": "3.1"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "squid cache",
        "version": "3.1.0.13"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "squid cache",
        "version": "3.1.0.3"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "squid cache",
        "version": "3.1.0.8"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "squid cache",
        "version": "3.1.0.7"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "squid cache",
        "version": "3.1.15"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.0.stable17"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.2.0.2"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.1.9"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.0.stable22"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.0.stable24"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.0.stable1"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.0.stable15"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.0.stable5"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.2.0.5"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.2.0.9"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.0.stable11"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.0.stable18"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.0.stable23"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.1.14"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.2.0.6"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.1.13"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.2.0.1"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.1.0.15"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.2.0.7"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.0.stable8"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.1.12"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.2.0.8"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.0.stable20"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.1.0.4"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.1.11"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.1.10"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.2.0.3"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.0.stable12"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.0.stable13"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.0.stable6"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.0.stable19"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.1.8"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.2.0.4"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.0.stable4"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.0.stable16"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.0.stable10"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.0.stable25"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.0.stable21"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.0.stable14"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.2.0.10"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.0.stable7"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid cache",
        "version": "3.0.stable9"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "squid cache",
        "version": "3.2.0.11"
      },
      {
        "model": "squid",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "squid cache",
        "version": "3.1"
      },
      {
        "model": "squid",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "squid cache",
        "version": "3.0"
      },
      {
        "model": "squid",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "squid cache",
        "version": "3.2"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "squid cache",
        "version": "3.0.stable26"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "squid",
        "version": "3.x"
      },
      {
        "model": "web proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "squid",
        "version": "3.1.13"
      },
      {
        "model": "3.0.stable25",
        "scope": null,
        "trust": 0.3,
        "vendor": "squid cache",
        "version": null
      },
      {
        "model": "3.0.stable18",
        "scope": null,
        "trust": 0.3,
        "vendor": "squid cache",
        "version": null
      },
      {
        "model": "3.0.stable21",
        "scope": null,
        "trust": 0.3,
        "vendor": "squid cache",
        "version": null
      },
      {
        "model": "web proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "squid",
        "version": "3.1.14"
      },
      {
        "model": "3.0.stable8",
        "scope": null,
        "trust": 0.3,
        "vendor": "squid cache",
        "version": null
      },
      {
        "model": "web proxy 3.0.stable26",
        "scope": null,
        "trust": 0.3,
        "vendor": "squid",
        "version": null
      },
      {
        "model": "3.0.stable22",
        "scope": null,
        "trust": 0.3,
        "vendor": "squid cache",
        "version": null
      },
      {
        "model": "3.0.stable7",
        "scope": null,
        "trust": 0.3,
        "vendor": "squid cache",
        "version": null
      },
      {
        "model": "3.0.stable13",
        "scope": null,
        "trust": 0.3,
        "vendor": "squid cache",
        "version": null
      },
      {
        "model": "web proxy cache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "squid",
        "version": "3.2.0.10"
      },
      {
        "model": "3.0.stable6",
        "scope": null,
        "trust": 0.3,
        "vendor": "squid cache",
        "version": null
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "3.0.stable23",
        "scope": null,
        "trust": 0.3,
        "vendor": "squid cache",
        "version": null
      },
      {
        "model": "3.0.stable15",
        "scope": null,
        "trust": 0.3,
        "vendor": "squid cache",
        "version": null
      },
      {
        "model": "3.0.stable16 rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "squid cache",
        "version": null
      },
      {
        "model": "3.0.stable20",
        "scope": null,
        "trust": 0.3,
        "vendor": "squid cache",
        "version": null
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "web proxy cache",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "squid",
        "version": "3.2.0.11"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "web proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "squid",
        "version": "3.0"
      },
      {
        "model": "3.0.stable5",
        "scope": null,
        "trust": 0.3,
        "vendor": "squid cache",
        "version": null
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "3.0.stable4",
        "scope": null,
        "trust": 0.3,
        "vendor": "squid cache",
        "version": null
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "3.0.stable3",
        "scope": null,
        "trust": 0.3,
        "vendor": "squid cache",
        "version": null
      },
      {
        "model": "3.0.stable12",
        "scope": null,
        "trust": 0.3,
        "vendor": "squid cache",
        "version": null
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "3.0.stable2",
        "scope": null,
        "trust": 0.3,
        "vendor": "squid cache",
        "version": null
      },
      {
        "model": "3.0.stable17",
        "scope": null,
        "trust": 0.3,
        "vendor": "squid cache",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "web proxy",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "squid",
        "version": "3.1.15"
      },
      {
        "model": "3.0.stable1",
        "scope": null,
        "trust": 0.3,
        "vendor": "squid cache",
        "version": null
      },
      {
        "model": "3.0.stable11",
        "scope": null,
        "trust": 0.3,
        "vendor": "squid cache",
        "version": null
      },
      {
        "model": "3.0.stable24",
        "scope": null,
        "trust": 0.3,
        "vendor": "squid cache",
        "version": null
      },
      {
        "model": "web proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "squid",
        "version": "3.1"
      },
      {
        "model": "3.0.stable11 rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "squid cache",
        "version": null
      },
      {
        "model": "3.0.stable9",
        "scope": null,
        "trust": 0.3,
        "vendor": "squid cache",
        "version": null
      },
      {
        "model": "3.0.stable14",
        "scope": null,
        "trust": 0.3,
        "vendor": "squid cache",
        "version": null
      },
      {
        "model": "web proxy cache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "squid",
        "version": "3.2.0.2"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "web proxy cache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "squid",
        "version": "3.2.0.1"
      },
      {
        "model": "3.0.stable19",
        "scope": null,
        "trust": 0.3,
        "vendor": "squid cache",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "11"
      },
      {
        "model": "3.0.stable10",
        "scope": null,
        "trust": 0.3,
        "vendor": "squid cache",
        "version": null
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "web proxy 3.0.stable25",
        "scope": null,
        "trust": 0.3,
        "vendor": "squid",
        "version": null
      },
      {
        "model": "3.0.stable16",
        "scope": null,
        "trust": 0.3,
        "vendor": "squid cache",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-3411"
      },
      {
        "db": "BID",
        "id": "49356"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-004877"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3205"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:squid-cache:squid",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-004877"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Secunia",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "104550"
      },
      {
        "db": "PACKETSTORM",
        "id": "104920"
      },
      {
        "db": "PACKETSTORM",
        "id": "104911"
      },
      {
        "db": "PACKETSTORM",
        "id": "107145"
      },
      {
        "db": "PACKETSTORM",
        "id": "105010"
      }
    ],
    "trust": 0.5
  },
  "cve": "CVE-2011-3205",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2011-3205",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2011-3205",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2011-3205",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201109-051",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-004877"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3205"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response.  NOTE: This issue exists because of a CVE-2005-0094 regression. Squid is a proxy server and web cache server. Squid is flawed in parsing responses from the Gopher server. If the Gopher server returns more than 4096 bytes, it can trigger a buffer overflow. This overflow can cause memory corruption to generally cause Squid to crash. A malicious user must set up a fake Gopher server and forward the request through Squid. Successful exploitation of vulnerabilities allows arbitrary code to be executed in a server context. Squid Proxy is prone  remote buffer-overflow vulnerability affects the Gopher-to-HTML functionality. Failed exploit attempts will result in a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- --------------------------------------------------------------------------\nDebian Security Advisory DSA-2304-1                    security@debian.org\nhttp://www.debian.org/security/                                 Nico Golde\nSep 11, 2011                            http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage        : squid3\nVulnerability  : buffer overflow\nProblem type   : remote\nDebian-specific: no\nDebian bug     : 639755\nCVE IDs        : CVE-2011-3205\n\nBen Hawkes discovered that squid3, a full featured Web Proxy cache\n(HTTP proxy), is vulnerable to a buffer overflow when processing gopher\nserver replies. \n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 3.0.STABLE8-3+lenny5. 
\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.1.6-1.2+squeeze1. \n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 3.1.15-1. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.1.15-1. \n\nWe recommend that you upgrade your squid3 packages. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: squid security update\nAdvisory ID:       RHSA-2011:1293-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1293.html\nIssue date:        2011-09-14\nCVE Names:         CVE-2011-3205 \n=====================================================================\n\n1. Summary:\n\nAn updated squid package that fixes one security issue is now available for\nRed Hat Enterprise Linux 6. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\n\n3. Description:\n\nSquid is a high-performance proxy caching server for web clients,\nsupporting FTP, Gopher, and HTTP data objects. \n(CVE-2011-3205)\n\nUsers of squid should upgrade to this updated package, which contains a\nbackported patch to correct this issue. After installing this update, the\nsquid service will be restarted automatically. \n\n4. 
Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Package List:\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/squid-3.1.10-1.el6_1.1.src.rpm\n\ni386:\nsquid-3.1.10-1.el6_1.1.i686.rpm\nsquid-debuginfo-3.1.10-1.el6_1.1.i686.rpm\n\nppc64:\nsquid-3.1.10-1.el6_1.1.ppc64.rpm\nsquid-debuginfo-3.1.10-1.el6_1.1.ppc64.rpm\n\ns390x:\nsquid-3.1.10-1.el6_1.1.s390x.rpm\nsquid-debuginfo-3.1.10-1.el6_1.1.s390x.rpm\n\nx86_64:\nsquid-3.1.10-1.el6_1.1.x86_64.rpm\nsquid-debuginfo-3.1.10-1.el6_1.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/squid-3.1.10-1.el6_1.1.src.rpm\n\ni386:\nsquid-3.1.10-1.el6_1.1.i686.rpm\nsquid-debuginfo-3.1.10-1.el6_1.1.i686.rpm\n\nx86_64:\nsquid-3.1.10-1.el6_1.1.x86_64.rpm\nsquid-debuginfo-3.1.10-1.el6_1.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3205.html\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2011 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFOcPqzXlSAg2UNWIIRAutlAJ9nlG0w3FNBVqFtxSNe10FKir/WkACeNQAA\nrDOr/svPTfi23jLvkODeYbk=\n=0hIH\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ----------------------------------------------------------------------\n\nThe Secunia CSI 5.0 Beta - now available for testing\nFind out more, take a free test drive, and share your opinion with us: \nhttp://secunia.com/blog/242 \n\n----------------------------------------------------------------------\n\nTITLE:\nSquid Gopher Response Processing Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA45805\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/45805/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45805\n\nRELEASE DATE:\n2011-08-30\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/45805/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/45805/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45805\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Squid, which can be exploited by\nmalicious people to cause a DoS (Denial of Service) or potentially\ncompromise a vulnerable system. 
\n\nThe vulnerability is caused due to a boundary error when processing\nGopher responses and can be exploited to cause a buffer overflow via\nan overly long string. \n\nThis is related to vulnerability #2 in:\nSA13825\n\nThe vulnerability is reported in versions 3.0.x prior to 3.0.STABLE25\nand 3.1.x prior to 3.1.14\n\nSOLUTION:\nUpdate to version 3.0.STABLE26 or 3.1.15. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Ben Hawkes, Google Security Team. \n\nORIGINAL ADVISORY:\nhttp://www.squid-cache.org/Advisories/SQUID-2011_3.txt\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. ----------------------------------------------------------------------\n\nThe new Secunia Corporate Software Inspector (CSI) 5.0 \nIntegrates with Microsoft WSUS \u0026 SCCM and supports Apple Mac OS X. This fixes a vulnerability,\nwhich can be exploited by malicious people to cause a DoS (Denial of\nService) or potentially compromise a vulnerable system. \n\nFor more information:\nSA45805\n\nSOLUTION:\nApply updated packages via the apt-get package manager. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201110-24\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: Squid: Multiple vulnerabilities\n     Date: October 26, 2011\n     Bugs: #279379, #279380, #301828, #334263, #381065, #386215\n       ID: 201110-24\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities were found in Squid allowing attackers to\nexecute arbitrary code or cause a Denial of Service. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-proxy/squid              \u003c 3.1.15                  \u003e= 3.1.15\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Squid. 
Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll squid users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-proxy/squid-3.1.15\"\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are\navailable since September 4, 2011. It is likely that your system is\nalready no longer affected by this issue. \n\nReferences\n==========\n\n[ 1 ] CVE-2009-2621\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2621\n[ 2 ] CVE-2009-2622\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2622\n[ 3 ] CVE-2009-2855\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2855\n[ 4 ] CVE-2010-0308\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0308\n[ 5 ] CVE-2010-0639\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0639\n[ 6 ] CVE-2010-2951\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2951\n[ 7 ] CVE-2010-3072\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3072\n[ 8 ] CVE-2011-3205\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3205\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201110-24.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-3205"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-004877"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3411"
      },
      {
        "db": "BID",
        "id": "49356"
      },
      {
        "db": "PACKETSTORM",
        "id": "105002"
      },
      {
        "db": "PACKETSTORM",
        "id": "105119"
      },
      {
        "db": "PACKETSTORM",
        "id": "104550"
      },
      {
        "db": "PACKETSTORM",
        "id": "104920"
      },
      {
        "db": "PACKETSTORM",
        "id": "104911"
      },
      {
        "db": "PACKETSTORM",
        "id": "107145"
      },
      {
        "db": "PACKETSTORM",
        "id": "105010"
      },
      {
        "db": "PACKETSTORM",
        "id": "106273"
      }
    ],
    "trust": 3.15
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-3205",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "49356",
        "trust": 2.5
      },
      {
        "db": "SECUNIA",
        "id": "45805",
        "trust": 2.3
      },
      {
        "db": "SECUNIA",
        "id": "45920",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "45906",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "46029",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "45965",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1025981",
        "trust": 1.6
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2011/08/29/2",
        "trust": 1.6
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2011/08/30/8",
        "trust": 1.6
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2011/08/30/4",
        "trust": 1.6
      },
      {
        "db": "OSVDB",
        "id": "74847",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-004877",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3411",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-512",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-051",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "105002",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "105119",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "104550",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "104920",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "104911",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "107145",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "105010",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106273",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-3411"
      },
      {
        "db": "BID",
        "id": "49356"
      },
      {
        "db": "PACKETSTORM",
        "id": "105002"
      },
      {
        "db": "PACKETSTORM",
        "id": "105119"
      },
      {
        "db": "PACKETSTORM",
        "id": "104550"
      },
      {
        "db": "PACKETSTORM",
        "id": "104920"
      },
      {
        "db": "PACKETSTORM",
        "id": "104911"
      },
      {
        "db": "PACKETSTORM",
        "id": "107145"
      },
      {
        "db": "PACKETSTORM",
        "id": "105010"
      },
      {
        "db": "PACKETSTORM",
        "id": "106273"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-512"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-004877"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3205"
      }
    ]
  },
  "id": "VAR-201109-0081",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-3411"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-3411"
      }
    ]
  },
  "last_update_date": "2025-12-22T23:57:06.902000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Buffer Overflow vulnerability in Squid",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2011_3205_buffer_overflow"
      },
      {
        "title": "SQUID-2011:3",
        "trust": 0.8,
        "url": "http://www.squid-cache.org/Advisories/SQUID-2011_3.txt"
      },
      {
        "title": "Squid Gopher Answers Patch for Handling Buffer Overflow Vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/4943"
      },
      {
        "title": "Squid Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=234527"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-3411"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-004877"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-DesignError",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-004877"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3205"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.securityfocus.com/bid/49356"
      },
      {
        "trust": 2.0,
        "url": "http://www.squid-cache.org/advisories/squid-2011_3.txt"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-september/065534.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.debian.org/security/2011/dsa-2304"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/46029"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
      },
      {
        "trust": 1.6,
        "url": "http://openwall.com/lists/oss-security/2011/08/30/8"
      },
      {
        "trust": 1.6,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=734583"
      },
      {
        "trust": 1.6,
        "url": "http://www.squid-cache.org/versions/v3/3.0/changesets/squid-3.0-9193.patch"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/45920"
      },
      {
        "trust": 1.6,
        "url": "http://www.squid-cache.org/versions/v3/3.2/changesets/squid-3.2-11294.patch"
      },
      {
        "trust": 1.6,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2011:150"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/45965"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/45805"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/45906"
      },
      {
        "trust": 1.6,
        "url": "http://openwall.com/lists/oss-security/2011/08/30/4"
      },
      {
        "trust": 1.6,
        "url": "http://www.squid-cache.org/versions/v2/2.head/changesets/12710.patch"
      },
      {
        "trust": 1.6,
        "url": "http://www.squid-cache.org/versions/v3/3.1/changesets/squid-3.1-10363.patch"
      },
      {
        "trust": 1.6,
        "url": "http://openwall.com/lists/oss-security/2011/08/29/2"
      },
      {
        "trust": 1.6,
        "url": "http://securitytracker.com/id?1025981"
      },
      {
        "trust": 1.6,
        "url": "http://www.redhat.com/support/errata/rhsa-2011-1293.html"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.osvdb.org/74847"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3205"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3205"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/45805/http"
      },
      {
        "trust": 0.5,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.5,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.5,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.5,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.5,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.5,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.oracle.com/sunsecurity/entry/cve_2011_3205_buffer_overflow"
      },
      {
        "trust": 0.3,
        "url": "http://www.squid-cache.org/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3205"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/blog/242"
      },
      {
        "trust": 0.2,
        "url": "https://rhn.redhat.com/errata/rhsa-2011-1293.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2011-3205.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/kb/docs/doc-11259"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/#package"
      },
      {
        "trust": 0.1,
        "url": "http://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/45805/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/45805/"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45805"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/45920/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/45920/#comments"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45920"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45906"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/45906/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/45906/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/company/jobs/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46029/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46029/#comments"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46029"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/trial/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/45965/"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45965"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/45965/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0308"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2951"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0308"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0639"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2951"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3072"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2855"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-201110-24.xml"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2621"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2855"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2622"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2621"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0639"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2622"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3072"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-3411"
      },
      {
        "db": "BID",
        "id": "49356"
      },
      {
        "db": "PACKETSTORM",
        "id": "105002"
      },
      {
        "db": "PACKETSTORM",
        "id": "105119"
      },
      {
        "db": "PACKETSTORM",
        "id": "104550"
      },
      {
        "db": "PACKETSTORM",
        "id": "104920"
      },
      {
        "db": "PACKETSTORM",
        "id": "104911"
      },
      {
        "db": "PACKETSTORM",
        "id": "107145"
      },
      {
        "db": "PACKETSTORM",
        "id": "105010"
      },
      {
        "db": "PACKETSTORM",
        "id": "106273"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-512"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-004877"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3205"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-3411"
      },
      {
        "db": "BID",
        "id": "49356"
      },
      {
        "db": "PACKETSTORM",
        "id": "105002"
      },
      {
        "db": "PACKETSTORM",
        "id": "105119"
      },
      {
        "db": "PACKETSTORM",
        "id": "104550"
      },
      {
        "db": "PACKETSTORM",
        "id": "104920"
      },
      {
        "db": "PACKETSTORM",
        "id": "104911"
      },
      {
        "db": "PACKETSTORM",
        "id": "107145"
      },
      {
        "db": "PACKETSTORM",
        "id": "105010"
      },
      {
        "db": "PACKETSTORM",
        "id": "106273"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-512"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-004877"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3205"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-08-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3411"
      },
      {
        "date": "2011-08-29T00:00:00",
        "db": "BID",
        "id": "49356"
      },
      {
        "date": "2011-09-12T14:44:49",
        "db": "PACKETSTORM",
        "id": "105002"
      },
      {
        "date": "2011-09-14T22:52:18",
        "db": "PACKETSTORM",
        "id": "105119"
      },
      {
        "date": "2011-08-29T05:10:22",
        "db": "PACKETSTORM",
        "id": "104550"
      },
      {
        "date": "2011-09-08T08:14:56",
        "db": "PACKETSTORM",
        "id": "104920"
      },
      {
        "date": "2011-09-08T08:14:29",
        "db": "PACKETSTORM",
        "id": "104911"
      },
      {
        "date": "2011-11-19T11:11:14",
        "db": "PACKETSTORM",
        "id": "107145"
      },
      {
        "date": "2011-09-13T05:45:01",
        "db": "PACKETSTORM",
        "id": "105010"
      },
      {
        "date": "2011-10-26T23:33:14",
        "db": "PACKETSTORM",
        "id": "106273"
      },
      {
        "date": "1900-01-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201108-512"
      },
      {
        "date": "2011-09-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201109-051"
      },
      {
        "date": "2012-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-004877"
      },
      {
        "date": "2011-09-06T15:55:08.383000",
        "db": "NVD",
        "id": "CVE-2011-3205"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-08-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3411"
      },
      {
        "date": "2015-05-07T17:11:00",
        "db": "BID",
        "id": "49356"
      },
      {
        "date": "2011-08-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201108-512"
      },
      {
        "date": "2023-04-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201109-051"
      },
      {
        "date": "2012-04-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-004877"
      },
      {
        "date": "2025-04-11T00:51:21.963000",
        "db": "NVD",
        "id": "CVE-2011-3205"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "105119"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-512"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-051"
      }
    ],
    "trust": 1.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Gopher of  gopherToHTML Buffer overflow vulnerability in functions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-004877"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201108-512"
      }
    ],
    "trust": 0.6
  }
}

VAR-200505-0836

Vulnerability from variot - Updated: 2025-04-03 22:19

Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected. Gibraltar is susceptible to an antivirus scan evasion vulnerability. This issue presents itself because of an oversight in the design of the firewall product, due to a change of features of the ClamAV antivirus scanning engine. This vulnerability allows malicious content to pass undetected by an affected firewall acting as an HTTP proxy, leading to a false sense of security.

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200505-0836",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "squid",
        "version": "2.6.stable1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "gibraltar",
        "version": "2.2"
      },
      {
        "model": "clamav",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "clam anti virus",
        "version": "0.90.2"
      },
      {
        "model": "firewall a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "gibraltar",
        "version": "2.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "13713"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-1157"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1711"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Gibraltar",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-1157"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2005-1711",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2005-1711",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-12920",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2005-1711",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200505-1157",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-12920",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-12920"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-1157"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1711"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected. Gibraltar is susceptible to an antivirus scan evasion vulnerability. This issue presents itself because of an oversight in the design of the firewall product, due to a change of features of the ClamAV antivirus scanning engine. \nThis vulnerability allows malicious content to pass undetected by an affected firewall acting as an HTTP proxy, leading to a false sense of security",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-1711"
      },
      {
        "db": "BID",
        "id": "13713"
      },
      {
        "db": "VULHUB",
        "id": "VHN-12920"
      }
    ],
    "trust": 1.26
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2005-1711",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1014030",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-1157",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "13713",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-12920",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-12920"
      },
      {
        "db": "BID",
        "id": "13713"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-1157"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1711"
      }
    ]
  },
  "id": "VAR-200505-0836",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-12920"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-03T22:19:08.661000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-1711"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1014030"
      },
      {
        "trust": 0.3,
        "url": "http://gibraltar.at/changes.php?onlylastversion=1\u0026htmloutput=1\u0026to=2.2a"
      },
      {
        "trust": 0.3,
        "url": "http://gibraltar.at/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-12920"
      },
      {
        "db": "BID",
        "id": "13713"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-1157"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1711"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-12920"
      },
      {
        "db": "BID",
        "id": "13713"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-1157"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1711"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-05-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-12920"
      },
      {
        "date": "2005-05-23T00:00:00",
        "db": "BID",
        "id": "13713"
      },
      {
        "date": "2005-05-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200505-1157"
      },
      {
        "date": "2005-05-24T04:00:00",
        "db": "NVD",
        "id": "CVE-2005-1711"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-09-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-12920"
      },
      {
        "date": "2009-07-12T14:56:00",
        "db": "BID",
        "id": "13713"
      },
      {
        "date": "2005-10-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200505-1157"
      },
      {
        "date": "2025-04-03T01:03:51.193000",
        "db": "NVD",
        "id": "CVE-2005-1711"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-1157"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Gibraltar Firewall Antivirus Scan Avoidance Vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-1157"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "13713"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-1157"
      }
    ],
    "trust": 0.9
  }
}

VAR-200502-0104

Vulnerability from variot - Updated: 2025-04-03 20:37

Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack. Multiple interconnected devices process valid HTTP request headers inconsistently, which may allow a remote attacker to poison a cache, conduct cross-site scripting attacks, and hijack user sessions. Some HTTP handling devices are vulnerable to a flaw which may allow a specially crafted request to elicit multiple responses, some of which may be controlled by the attacker. These attacks may result in cache poisoning, information leakage, cross-site scripting, and other outcomes. Multiple HTTP servers have (1) a vulnerability in which headers in server responses can be split because line feed codes (CR/LF) in HTTP requests are handled improperly, and (2) a vulnerability in which, under certain conditions, the second half of the split header included in the first request is recognized as the response to the second request. An arbitrary script may be executed in the user's browser. This issue results from insufficient sanitization of user-supplied data. Squid versions 2.5 and earlier are reported prone to this issue. A paper (Divide and Conquer - HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Topics) was released to describe various attacks that target web users through web application, browser, web/application server and proxy implementations. Exploitation would occur by injecting variations of CR/LF sequences into parts of HTTP response headers that the attacker may control or influence. The general consequences of exploitation are that an attacker may misrepresent web content to the client, potentially enticing the user to trust the content and take actions based on this false trust.
While the various implementations listed in the paper contribute to these attacks, this issue will most likely be exposed through web applications that do not properly account for CR/LF sequences when accepting user-supplied input that may be returned in server responses. This vulnerability could also aid in exploitation of cross-site scripting vulnerabilities. This issue is due to a failure of the affected proxy to handle CR/LF characters in HTTP requests. This may facilitate man-in-the-middle attacks as well as others.


Debian Security Advisory DSA 667-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
February 4th, 2005                      http://www.debian.org/security/faq


Package        : squid
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE IDs        : CAN-2005-0173 CAN-2005-0175 CAN-2005-0194 CAN-2005-0211

Several vulnerabilities have been discovered in Squid, the internet object cache, the popular WWW proxy cache. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

CAN-2005-0173

LDAP is very forgiving about spaces in search filters and this
could be abused to log in using several variants of the login
name, possibly bypassing explicit access controls or confusing
accounting.

CAN-2005-0211

The length argument of the WCCP recvfrom() call is larger than it
should be.  An attacker may send a larger than normal WCCP packet
that could overflow a buffer.

For the stable distribution (woody) these problems have been fixed in version 2.4.6-2woody6.

For the unstable distribution (sid) these problems have been fixed in version 2.5.7-7.

We recommend that you upgrade your squid package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 3.0 alias woody



These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/


---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated squid package fixes security issues
Advisory ID: FLSA:152809
Issue date: 2006-02-18
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2004-0541 CVE-2004-0832 CVE-2004-0918 CVE-2005-0094 CVE-2005-0095 CVE-2005-0096 CVE-2005-0097 CVE-2005-0173 CVE-2005-0174 CVE-2005-0175 CVE-2005-0194 CVE-2005-0211 CVE-2005-0241 CVE-2005-0446 CVE-2005-0626 CVE-2005-0718 CVE-2005-1345 CVE-1999-0710 CVE-2005-1519 CVE-2004-2479 CVE-2005-2794 CVE-2005-2796 CVE-2005-2917



  1. Topic:

An updated Squid package that fixes several security issues is now available.

  2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386

  3. Problem description:

A buffer overflow was found within the NTLM authentication helper routine. If Squid is configured to use the NTLM authentication helper, a remote attacker could potentially execute arbitrary code by sending a lengthy password. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0541 to this issue.

An out of bounds memory read bug was found within the NTLM authentication helper routine. If Squid is configured to use the NTLM authentication helper, a remote attacker could send a carefully crafted NTLM authentication packet and cause Squid to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0832 to this issue.

iDEFENSE reported a flaw in the squid SNMP module. This flaw could allow an attacker who has the ability to send arbitrary packets to the SNMP port to restart the server, causing it to drop all open connections. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0918 to this issue.

A buffer overflow flaw was found in the Gopher relay parser. Although Gopher servers are now quite rare, a malicious web page (for example) could redirect or contain a frame pointing to an attacker's malicious gopher server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0094 to this issue.

An integer overflow flaw was found in the WCCP message parser. It is possible to crash the Squid server if an attacker is able to send a malformed WCCP message with a spoofed source address matching Squid's "home router". The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0095 to this issue.

A memory leak was found in the NTLM fakeauth_auth helper. It is possible that an attacker could place the Squid server under high load, causing the NTLM fakeauth_auth helper to consume a large amount of memory, resulting in a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0096 to this issue.

A NULL pointer de-reference bug was found in the NTLM fakeauth_auth helper. It is possible for an attacker to send a malformed NTLM type 3 message, causing the Squid server to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0097 to this issue.

A username validation bug was found in squid_ldap_auth. It is possible for a username to be padded with spaces, which could allow a user to bypass explicit access control rules or confuse accounting. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0173 to this issue.

The way Squid handles HTTP responses was found to need strengthening. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-0174 and CVE-2005-0175 to these issues.

When processing the configuration file, Squid parses empty Access Control Lists (ACLs) and proxy_auth ACLs without defined auth schemes in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0194 to this issue.

A buffer overflow bug was found in the WCCP message parser. It is possible that an attacker could send a malformed WCCP message which could crash the Squid server or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0211 to this issue.

A bug was found in the way Squid handled oversized HTTP response headers. It is possible that a malicious web server could send a specially crafted HTTP header which could cause the Squid cache to be poisoned, presenting users with incorrect webpages. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0241 to this issue.

A bug was found in the way Squid handles FQDN lookups. It was possible to crash the Squid server by sending a carefully crafted DNS response to an FQDN lookup. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0446 to this issue.

A race condition bug was found in the way Squid handles the now obsolete Set-Cookie header. It is possible that Squid can leak Set-Cookie header information to other clients connecting to Squid. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0626 to this issue.

A bug was found in the way Squid handles PUT and POST requests. It is possible for an authorised remote user to cause a failed PUT or POST request which can cause Squid to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0718 to this issue.

A bug was found in the way Squid processes errors in the access control list. It is possible that an error in the access control list could give users more access than intended. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1345 to this issue.

A bug was found in the way Squid handles access to the cachemgr.cgi script. It is possible for an authorised remote user to bypass access control lists with this flaw. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-1999-0710 to this issue.

A bug was found in the way Squid handles DNS replies. If the port Squid uses for DNS requests is not protected by a firewall it is possible for a remote attacker to spoof DNS replies, possibly redirecting a user to spoofed or malicious content. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1519 to this issue.

A bug was found in the way Squid displays error messages. A remote attacker could submit a request containing an invalid hostname which would result in Squid displaying a previously used error message. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-2479 to this issue.

Two denial of service bugs were found in the way Squid handles malformed requests. A remote attacker could submit a specially crafted request to Squid that would cause the server to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-2794 and CVE-2005-2796 to these issues.

A bug was found in the way Squid handles certain request sequences while performing NTLM authentication. It is possible for an attacker to cause Squid to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2917 to this issue.

Users of Squid should upgrade to this updated package, which contains backported patches, and is not vulnerable to these issues.

  4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

  5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152809

  6. RPMs required:

Red Hat Linux 7.3:

SRPM: http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/squid-2.4.STABLE7-0.73.3.legacy.src.rpm

i386: http://download.fedoralegacy.org/redhat/7.3/updates/i386/squid-2.4.STABLE7-0.73.3.legacy.i386.rpm

Red Hat Linux 9:

SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/squid-2.5.STABLE1-9.10.legacy.src.rpm

i386: http://download.fedoralegacy.org/redhat/9/updates/i386/squid-2.5.STABLE1-9.10.legacy.i386.rpm

Fedora Core 1:

SRPM: http://download.fedoralegacy.org/fedora/1/updates/SRPMS/squid-2.5.STABLE3-2.fc1.6.legacy.src.rpm

i386: http://download.fedoralegacy.org/fedora/1/updates/i386/squid-2.5.STABLE3-2.fc1.6.legacy.i386.rpm

Fedora Core 2:

SRPM: http://download.fedoralegacy.org/fedora/2/updates/SRPMS/squid-2.5.STABLE9-1.FC2.4.legacy.src.rpm

i386: http://download.fedoralegacy.org/fedora/2/updates/i386/squid-2.5.STABLE9-1.FC2.4.legacy.i386.rpm

  7. Verification:


These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

  8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0918
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1345
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2796
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2917

  9. Contact:

The Fedora Legacy security contact is secnotice@fedoralegacy.org. More project details at http://www.fedoralegacy.org



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200502-0104",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "squid",
        "version": null
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "squid",
        "version": "2.5_stable3"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "squid",
        "version": "2.5_.stable3"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "squid",
        "version": "2.5_.stable6"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "squid",
        "version": "2.5_.stable4"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "squid",
        "version": "2.5_.stable1"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "squid",
        "version": "2.5.stable7"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "squid",
        "version": "2.5_.stable5"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "squid",
        "version": "2.5_stable9"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "squid",
        "version": "2.5_stable4"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "squid",
        "version": "2.5.stable6"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid",
        "version": "2.5.stable5"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid",
        "version": "2.5.stable4"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid",
        "version": "2.5.stable1"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid",
        "version": "2.5.6"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid",
        "version": "2.5.stable2"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "squid",
        "version": "2.5.stable3"
      },
      {
        "model": "web proxy cache .stable7",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "squid",
        "version": "2.5"
      },
      {
        "model": "web proxy cache .stable6",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "squid",
        "version": "2.5"
      },
      {
        "model": "web proxy cache .stable5",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "squid",
        "version": "2.5"
      },
      {
        "model": "web proxy cache .stable4",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "squid",
        "version": "2.5"
      },
      {
        "model": "web proxy cache .stable3",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "squid",
        "version": "2.5"
      },
      {
        "model": "web proxy cache .stable1",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "squid",
        "version": "2.5"
      },
      {
        "model": "web proxy cache .stable7",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "squid",
        "version": "2.4"
      },
      {
        "model": "web proxy cache .stable6",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "squid",
        "version": "2.4"
      },
      {
        "model": "web proxy cache .stable2",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "squid",
        "version": "2.4"
      },
      {
        "model": "web proxy cache",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "squid",
        "version": "2.4"
      },
      {
        "model": "web proxy cache .stable5",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "squid",
        "version": "2.3"
      },
      {
        "model": "web proxy cache .stable4",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "squid",
        "version": "2.3"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "http server",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "apache",
        "version": "2.0.48"
      },
      {
        "model": "weblogic server",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "bea",
        "version": "8.1 sp2"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "4.0.7"
      },
      {
        "model": "websphere application server",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "5.0.2.6"
      },
      {
        "model": "websphere application server",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "squid",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "squid cache",
        "version": "2.5 stable7"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.1"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3.0"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "iis",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "5.0"
      },
      {
        "model": "iis",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": "internet explorer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "6"
      },
      {
        "model": "internet security and acceleration server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows server 2003",
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (ws)"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "9"
      },
      {
        "model": "web proxy cache patch2",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "squid",
        "version": "2.1"
      },
      {
        "model": "web proxy cache patch2",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "squid",
        "version": "2.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8.1"
      },
      {
        "model": "propack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "9.0"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "fedora core2",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "fedora core1",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "security linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "astaro",
        "version": "4.017"
      },
      {
        "model": "security linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "astaro",
        "version": "4.016"
      },
      {
        "model": "security linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "astaro",
        "version": "4.008"
      },
      {
        "model": "security linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "astaro",
        "version": "3.217"
      },
      {
        "model": "security linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "astaro",
        "version": "3.216"
      },
      {
        "model": "security linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "astaro",
        "version": "3.215"
      },
      {
        "model": "security linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "astaro",
        "version": "3.212"
      },
      {
        "model": "security linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "astaro",
        "version": "3.211"
      },
      {
        "model": "security linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "astaro",
        "version": "3.210"
      },
      {
        "model": "security linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "astaro",
        "version": "3.200"
      },
      {
        "model": "security linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "astaro",
        "version": "2.030"
      },
      {
        "model": "security linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "astaro",
        "version": "2.027"
      },
      {
        "model": "security linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "astaro",
        "version": "2.026"
      },
      {
        "model": "security linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "astaro",
        "version": "2.025"
      },
      {
        "model": "security linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "astaro",
        "version": "2.024"
      },
      {
        "model": "security linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "astaro",
        "version": "2.023"
      },
      {
        "model": "security linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "astaro",
        "version": "2.016"
      },
      {
        "model": "java system web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "netcache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "5.2"
      },
      {
        "model": "science foundation squid web proxy stable7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "national",
        "version": "2.4"
      },
      {
        "model": "science foundation squid web proxy stable6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "national",
        "version": "2.4"
      },
      {
        "model": "science foundation squid web proxy stable4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "national",
        "version": "2.4"
      },
      {
        "model": "science foundation squid web proxy stable3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "national",
        "version": "2.4"
      },
      {
        "model": "science foundation squid web proxy stable2-3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "national",
        "version": "2.4"
      },
      {
        "model": "science foundation squid web proxy stable2-2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "national",
        "version": "2.4"
      },
      {
        "model": "science foundation squid web proxy stable2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "national",
        "version": "2.4"
      },
      {
        "model": "science foundation squid web proxy stable1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "national",
        "version": "2.4"
      },
      {
        "model": "science foundation squid web proxy pre-stable2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "national",
        "version": "2.4"
      },
      {
        "model": "science foundation squid web proxy pre-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "national",
        "version": "2.4"
      },
      {
        "model": "science foundation squid web proxy devel4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "national",
        "version": "2.4"
      },
      {
        "model": "science foundation squid web proxy devel2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "national",
        "version": "2.4"
      },
      {
        "model": "science foundation squid web proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "national",
        "version": "2.4"
      },
      {
        "model": "isa server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "isa server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "internet explorer sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": "internet explorer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": "asp.net",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1.1"
      },
      {
        "model": "asp.net",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1.0"
      },
      {
        "model": "asp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "3.0"
      },
      {
        "model": "coldfusion server mx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "macromedia",
        "version": "6.1"
      },
      {
        "model": "coldfusion server mx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "macromedia",
        "version": "6.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.5"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.4"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.3"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.2"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2.6"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2.5"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2.4"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2.3"
      },
      {
        "model": "systems weblogic server for win32 sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "systems weblogic server for win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "4.1.24"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.48"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.47"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.46"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.45"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.44"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.43"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.42"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.41"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.40"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.39"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.38"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.37"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.36"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.35"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.32"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.28"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0"
      },
      {
        "model": "web proxy cache .stable9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "squid",
        "version": "2.5"
      },
      {
        "model": "web proxy cache .stable8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "squid",
        "version": "2.5"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#768702"
      },
      {
        "db": "CERT/CC",
        "id": "VU#625878"
      },
      {
        "db": "BID",
        "id": "12433"
      },
      {
        "db": "BID",
        "id": "9804"
      },
      {
        "db": "BID",
        "id": "13435"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000066"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200502-008"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-0175"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:apache:http_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:bea:weblogic_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ibm:websphere_application_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:squid-cache:squid",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:iis",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:internet_explorer",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:isa_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:microsoft:windows_server_2003",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:redhat:enterprise_linux",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:redhat:linux",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000066"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The individual or individuals responsible for the discovery of this issue are currently unknown; the vendor disclosed this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "12433"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2005-0175",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2005-0175",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2005-0175",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#768702",
            "trust": 0.8,
            "value": "10.08"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#625878",
            "trust": 0.8,
            "value": "7.50"
          },
          {
            "author": "NVD",
            "id": "CVE-2005-0175",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200502-008",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#768702"
      },
      {
        "db": "CERT/CC",
        "id": "VU#625878"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000066"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200502-008"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-0175"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack. Multiple interconnected devices process valid HTTP request headers inconsistently, and in this manner may allow a remote attacker to poison a cache, conduct cross-site scripting attacks, and hijack user sessions. Some HTTP handling devices are vulnerable to a flaw which may allow a specially crafted request to elicit multiple responses, some of which may be controlled by the attacker.  These attacks may result in cache poisoning, information leakage, cross-site scripting, and other outcomes. Multiple HTTP servers contain (1) a vulnerability in which headers in server responses can be split because line feed codes (CR/LF) in HTTP requests are handled improperly, and (2) a vulnerability in which, under certain conditions, the second half of the split header included in the first request is recognized as the response to the second request. An arbitrary script may be executed on the user\u0027s browser. This issue results from insufficient sanitization of user-supplied data. \nSquid versions 2.5 and earlier are reported prone to this issue. A paper (Divide and Conquer - HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Topics) was released to describe various attacks that target web users through web application, browser, web/application server and proxy implementations. \nExploitation would occur by injecting variations of CR/LF sequences into parts of HTTP response headers that the attacker may control or influence.  The general consequences of exploitation are that an attacker may misrepresent web content to the client, potentially enticing the user to trust the content and take actions based on this false trust. 
\nWhile the various implementations listed in the paper contribute to these attacks, this issue will most likely be exposed through web applications that do not properly account for CR/LF sequences when accepting user-supplied input that may be returned in server responses. \nThis vulnerability could also aid in exploitation of cross-site scripting vulnerabilities.  This issue is due to a failure of the affected proxy to handle CR/LF characters in HTTP requests.  This may facilitate man-in-the-middle attacks as well as others. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- --------------------------------------------------------------------------\nDebian Security Advisory DSA 667-1                     security@debian.org\nhttp://www.debian.org/security/                             Martin Schulze\nFebruary 4th, 2005                      http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage        : squid\nVulnerability  : several\nProblem-Type   : remote\nDebian-specific: no\nCVE IDs        : CAN-2005-0173 CAN-2005-0175 CAN-2005-0194 CAN-2005-0211\n\nSeveral vulnerabilities have been discovered in Squid, the internet\nobject cache, the popular WWW proxy cache.  The Common Vulnerabilities\nand Exposures project identifies the following vulnerabilities:\n\nCAN-2005-0173\n\n    LDAP is very forgiving about spaces in search filters and this\n    could be abused to log in using several variants of the login\n    name, possibly bypassing explicit access controls or confusing\n    accounting. \n\nCAN-2005-0211\n\n    The length argument of the WCCP recvfrom() call is larger than it\n    should be.  An attacker may send a larger than normal WCCP packet\n    that could overflow a buffer. \n\nFor the stable distribution (woody) these problems have been fixed in\nversion 2.4.6-2woody6. \n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 2.5.7-7. 
\n\nWe recommend that you upgrade your squid package. \n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n        will fetch the file for you\ndpkg -i file.deb\n        will install the referenced file. \n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n  These files will probably be moved into the stable distribution on\n  its next update. \n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show \u003cpkg\u003e\u0027 and http://packages.debian.org/\u003cpkg\u003e\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.5 (GNU/Linux)\n\niD8DBQFCA6RvW5ql+IAeqTIRArERAJ9RzG0Oko2BOd4TdCmy066szqDWygCfdWjV\nR0Sv6Ly/9lV7nT/fQbPRyv8=\n=LwDu\n-----END PGP SIGNATURE-----\n\n. 
---------------------------------------------------------------------\n               Fedora Legacy Update Advisory\n\nSynopsis:          Updated squid package fixes security issues\nAdvisory ID:       FLSA:152809\nIssue date:        2006-02-18\nProduct:           Red Hat Linux, Fedora Core\nKeywords:          Bugfix\nCVE Names:         CVE-2004-0541 CVE-2004-0832 CVE-2004-0918\n                   CVE-2005-0094 CVE-2005-0095 CVE-2005-0096\n                   CVE-2005-0097 CVE-2005-0173 CVE-2005-0174\n                   CVE-2005-0175 CVE-2005-0194 CVE-2005-0211\n                   CVE-2005-0241 CVE-2005-0446 CVE-2005-0626\n                   CVE-2005-0718 CVE-2005-1345 CVE-1999-0710\n                   CVE-2005-1519 CVE-2004-2479 CVE-2005-2794\n                   CVE-2005-2796 CVE-2005-2917\n\n---------------------------------------------------------------------\n\n\n---------------------------------------------------------------------\n1. Topic:\n\nAn updated Squid package that fixes several security issues is now\navailable. \n\n2. Relevant releases/architectures:\n\nRed Hat Linux 7.3 - i386\nRed Hat Linux 9 - i386\nFedora Core 1 - i386\nFedora Core 2 - i386\n\n3. Problem description:\n\nA buffer overflow was found within the NTLM authentication helper\nroutine. If Squid is configured to use the NTLM authentication helper,\na remote attacker could potentially execute arbitrary code by sending a\nlengthy password. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2004-0541 to this issue. \n\nAn out of bounds memory read bug was found within the NTLM\nauthentication helper routine. If Squid is configured to use the NTLM\nauthentication helper, a remote attacker could send a carefully crafted\nNTLM authentication packet and cause Squid to crash. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2004-0832 to this issue. \n\niDEFENSE reported a flaw in the squid SNMP module. 
This flaw could allow\nan attacker who has the ability to send arbitrary packets to the SNMP\nport to restart the server, causing it to drop all open connections. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CVE-2004-0918 to this issue. \n\nA buffer overflow flaw was found in the Gopher relay parser. Although Gopher servers are now quite rare, a malicious\nweb page (for example) could redirect or contain a frame pointing to an\nattacker\u0027s malicious gopher server. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CVE-2005-0094 to\nthis issue. \n\nAn integer overflow flaw was found in the WCCP message parser. It is\npossible to crash the Squid server if an attacker is able to send a\nmalformed WCCP message with a spoofed source address matching Squid\u0027s\n\"home router\". The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2005-0095 to this issue. \n\nA memory leak was found in the NTLM fakeauth_auth helper. It is possible\nthat an attacker could place the Squid server under high load, causing\nthe NTLM fakeauth_auth helper to consume a large amount of memory,\nresulting in a denial of service. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CVE-2005-0096 to\nthis issue. \n\nA NULL pointer de-reference bug was found in the NTLM fakeauth_auth\nhelper. It is possible for an attacker to send a malformed NTLM type 3\nmessage, causing the Squid server to crash. The Common Vulnerabilities\nand Exposures project (cve.mitre.org) has assigned the name\nCVE-2005-0097 to this issue. \n\nA username validation bug was found in squid_ldap_auth. It is possible\nfor a username to be padded with spaces, which could allow a user to\nbypass explicit access control rules or confuse accounting. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-0173 to this issue. 
\n\nThe way Squid handles HTTP responses was found to need strengthening. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the names CVE-2005-0174\nand CVE-2005-0175 to these issues. \n\nWhen processing the configuration file, Squid parses empty Access\nControl Lists (ACLs) and proxy_auth ACLs without defined auth schemes in\na way that effectively removes arguments, which could allow remote\nattackers to bypass intended ACLs. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CVE-2005-0194 to\nthis issue. \n\nA buffer overflow bug was found in the WCCP message parser. It is\npossible that an attacker could send a malformed WCCP message which\ncould crash the Squid server or execute arbitrary code. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-0211 to this issue. \n\nA bug was found in the way Squid handled oversized HTTP response\nheaders. It is possible that a malicious web server could send a\nspecially crafted HTTP header which could cause the Squid cache to be\npoisoned, presenting users with incorrect webpages. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-0241 to this issue. \n\nA bug was found in the way Squid handles FQDN lookups. It was possible\nto crash the Squid server by sending a carefully crafted DNS response to\nan FQDN lookup. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2005-0446 to this issue. \n\nA race condition bug was found in the way Squid handles the now obsolete\nSet-Cookie header. It is possible that Squid can leak Set-Cookie header\ninformation to other clients connecting to Squid. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-0626 to this issue. \n\nA bug was found in the way Squid handles PUT and POST requests. 
It is\npossible for an authorised remote user to cause a failed PUT or POST\nrequest which can cause Squid to crash. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CVE-2005-0718 to\nthis issue. \n\nA bug was found in the way Squid processes errors in the access control\nlist. It is possible that an error in the access control list could give\nusers more access than intended. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CVE-2005-1345 to\nthis issue. \n\nA bug was found in the way Squid handles access to the cachemgr.cgi\nscript. It is possible for an authorised remote user to bypass access\ncontrol lists with this flaw. The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CVE-1999-0710 to this\nissue. \n\nA bug was found in the way Squid handles DNS replies. If the port Squid\nuses for DNS requests is not protected by a firewall it is possible for\na remote attacker to spoof DNS replies, possibly redirecting a user to\nspoofed or malicious content. The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CVE-2005-1519 to this\nissue. \n\nA bug was found in the way Squid displays error messages. A remote\nattacker could submit a request containing an invalid hostname which\nwould result in Squid displaying a previously used error message. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CVE-2004-2479 to this issue. \n\nTwo denial of service bugs were found in the way Squid handles malformed\nrequests. A remote attacker could submit a specially crafted request to\nSquid that would cause the server to crash. The Common Vulnerabilities\nand Exposures project (cve.mitre.org) has assigned the names\nCVE-2005-2794 and CVE-2005-2796 to these issues. \n\nA bug was found in the way Squid handles certain request sequences while\nperforming NTLM authentication. 
It is possible for an attacker to cause\nSquid to crash. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2005-2917 to this issue. \n\nUsers of Squid should upgrade to this updated package, which contains\nbackported patches, and is not vulnerable to these issues. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which\nare not installed but included in the list will not be updated.  Note\nthat you can also use wildcards (*.rpm) if your current directory *only*\ncontains the desired RPMs. \n\nPlease note that this update is also available via yum and apt.  Many\npeople find this an easier way to apply updates.  To use yum issue:\n\nyum update\n\nor to use apt:\n\napt-get update; apt-get upgrade\n\nThis will start an interactive process that will result in the\nappropriate RPMs being upgraded on your system.  This assumes that you\nhave yum or apt-get configured for obtaining Fedora Legacy content. \nPlease visit http://www.fedoralegacy.org/docs for directions on how to\nconfigure yum and apt-get. \n\n5. Bug IDs fixed:\n\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152809\n\n6. 
RPMs required:\n\nRed Hat Linux 7.3:\nSRPM:\nhttp://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/squid-2.4.STABLE7-0.73.3.legacy.src.rpm\n\ni386:\nhttp://download.fedoralegacy.org/redhat/7.3/updates/i386/squid-2.4.STABLE7-0.73.3.legacy.i386.rpm\n\nRed Hat Linux 9:\n\nSRPM:\nhttp://download.fedoralegacy.org/redhat/9/updates/SRPMS/squid-2.5.STABLE1-9.10.legacy.src.rpm\n\ni386:\nhttp://download.fedoralegacy.org/redhat/9/updates/i386/squid-2.5.STABLE1-9.10.legacy.i386.rpm\n\nFedora Core 1:\n\nSRPM:\nhttp://download.fedoralegacy.org/fedora/1/updates/SRPMS/squid-2.5.STABLE3-2.fc1.6.legacy.src.rpm\n\ni386:\nhttp://download.fedoralegacy.org/fedora/1/updates/i386/squid-2.5.STABLE3-2.fc1.6.legacy.i386.rpm\n\nFedora Core 2:\n\nSRPM:\nhttp://download.fedoralegacy.org/fedora/2/updates/SRPMS/squid-2.5.STABLE9-1.FC2.4.legacy.src.rpm\n\ni386:\nhttp://download.fedoralegacy.org/fedora/2/updates/i386/squid-2.5.STABLE9-1.FC2.4.legacy.i386.rpm\n\n\n7. Verification:\n\nThese packages are GPG signed by Fedora Legacy 
for security.  Our key is\navailable from http://www.fedoralegacy.org/about/security.php\n\nYou can verify each package with the following command:\n\n    rpm --checksig -v \u003cfilename\u003e\n\nIf you only wish to verify that each package has not been corrupted or\ntampered with, examine only the sha1sum with the following command:\n\n    sha1sum \u003cfilename\u003e\n\n8. References:\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0541\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0832\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0918\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0094\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0095\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0096\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0097\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0173\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0174\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0175\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0194\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0211\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0241\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0446\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0626\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0718\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1345\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0710\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1519\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2479\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2794\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2796\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2917\n\n9. Contact:\n\nThe Fedora Legacy security contact is \u003csecnotice@fedoralegacy.org\u003e. 
More\nproject details at http://www.fedoralegacy.org\n\n---------------------------------------------------------------------\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-0175"
      },
      {
        "db": "CERT/CC",
        "id": "VU#768702"
      },
      {
        "db": "CERT/CC",
        "id": "VU#625878"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000066"
      },
      {
        "db": "BID",
        "id": "12433"
      },
      {
        "db": "BID",
        "id": "9804"
      },
      {
        "db": "BID",
        "id": "13435"
      },
      {
        "db": "PACKETSTORM",
        "id": "36038"
      },
      {
        "db": "PACKETSTORM",
        "id": "44000"
      }
    ],
    "trust": 4.05
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#625878",
        "trust": 3.2
      },
      {
        "db": "NVD",
        "id": "CVE-2005-0175",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "12433",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "9804",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "13435",
        "trust": 1.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#768702",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000066",
        "trust": 0.8
      },
      {
        "db": "SUSE",
        "id": "SUSE-SA:2005:006",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20050207 [USN-77-1] SQUID VULNERABILITIES",
        "trust": 0.6
      },
      {
        "db": "FEDORA",
        "id": "FLSA-2006:152809",
        "trust": 0.6
      },
      {
        "db": "FEDORA",
        "id": "FEDORA-2005-373",
        "trust": 0.6
      },
      {
        "db": "MANDRAKE",
        "id": "MDKSA-2005:034",
        "trust": 0.6
      },
      {
        "db": "CONECTIVA",
        "id": "CLA-2005:931",
        "trust": 0.6
      },
      {
        "db": "DEBIAN",
        "id": "DSA-667",
        "trust": 0.6
      },
      {
        "db": "REDHAT",
        "id": "RHSA-2005:061",
        "trust": 0.6
      },
      {
        "db": "REDHAT",
        "id": "RHSA-2005:060",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200502-008",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "36038",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "44000",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#768702"
      },
      {
        "db": "CERT/CC",
        "id": "VU#625878"
      },
      {
        "db": "BID",
        "id": "12433"
      },
      {
        "db": "BID",
        "id": "9804"
      },
      {
        "db": "BID",
        "id": "13435"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000066"
      },
      {
        "db": "PACKETSTORM",
        "id": "36038"
      },
      {
        "db": "PACKETSTORM",
        "id": "44000"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200502-008"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-0175"
      }
    ]
  },
  "id": "VAR-200502-0104",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 1.0
  },
  "last_update_date": "2025-04-03T20:37:19.944000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APAR PQ91361",
        "trust": 0.8,
        "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24007466"
      },
      {
        "title": "APAR PQ90505",
        "trust": 0.8,
        "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24007467"
      },
      {
        "title": "si-040819a",
        "trust": 0.8,
        "url": "https://www-6.ibm.com/jp/services/security/secinfo/si-040819a.html"
      },
      {
        "title": "RHSA-2005:061",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/RHSA-2005-061.html"
      },
      {
        "title": "RHSA-2005:060",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/RHSA-2005-060.html"
      },
      {
        "title": "squid-2.5.STABLE7-response_splitting",
        "trust": 0.8,
        "url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/index.html#squid-2.5.STABLE7-response_splitting"
      },
      {
        "title": "SQUID-2005_5",
        "trust": 0.8,
        "url": "http://www.squid-cache.org/Advisories/SQUID-2005_5.txt"
      },
      {
        "title": "TLSA-2005-24",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2005/TLSA-2005-24.txt"
      },
      {
        "title": "RHSA-2005:060",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2005-060J.html"
      },
      {
        "title": "RHSA-2005:061",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2005-061J.html"
      },
      {
        "title": "TLSA-2005-24",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2005/TLSA-2005-24j.txt"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000066"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-0175"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/12433"
      },
      {
        "trust": 2.4,
        "url": "http://www.kb.cert.org/vuls/id/625878"
      },
      {
        "trust": 1.9,
        "url": "http://www.squid-cache.org/versions/v2/2.5/bugs/#squid-2.5.stable7-response_splitting"
      },
      {
        "trust": 1.9,
        "url": "http://www.squid-cache.org/advisories/squid-2005_5.txt"
      },
      {
        "trust": 1.6,
        "url": "http://www.redhat.com/support/errata/rhsa-2005-061.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.redhat.com/support/errata/rhsa-2005-060.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.debian.org/security/2005/dsa-667"
      },
      {
        "trust": 1.6,
        "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
      },
      {
        "trust": 1.6,
        "url": "http://www.redhat.com/archives/fedora-announce-list/2005-may/msg00025.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2005:034"
      },
      {
        "trust": 1.6,
        "url": "http://fedoranews.org/updates/fedora--.shtml"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11605"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0175"
      },
      {
        "trust": 0.8,
        "url": "https://www.watchfire.com/securearea/whitepapers.aspx?id=8"
      },
      {
        "trust": 0.8,
        "url": "http://www.watchfire.com/resources/http-request-smuggling.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://www.squid-cache.org/advisories/squid-2005_4.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms05-034.mspx"
      },
      {
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=306172"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23625878"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-0175"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/13435"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/9804"
      },
      {
        "trust": 0.6,
        "url": "http://www.squid-cache.org/"
      },
      {
        "trust": 0.6,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=110780531820947\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.squid-cache.org/versions/v2/2.5/bugs/#squid-2.5.stable7-header_parsing"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2005-061.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.astaro.org/showflat.php?cat=\u0026number=56136\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#56136"
      },
      {
        "trust": 0.3,
        "url": "http://www.sanctuminc.com/pdf/whitepaper_httpresponse.pdf"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-0173"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-0211"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-0194"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_m68k.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_m68k.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://packages.debian.org/\u003cpkg\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_m68k.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-0175"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6.orig.tar.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0541"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0241"
      },
      {
        "trust": 0.1,
        "url": "http://download.fedoralegacy.org/redhat/9/updates/i386/squid-2.5.stable1-9.10.legacy.i386.rpm"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0096"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2917"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-1345"
      },
      {
        "trust": 0.1,
        "url": "http://download.fedoralegacy.org/redhat/7.3/updates/srpms/squid-2.4.stable7-0.73.3.legacy.src.rpm"
      },
      {
        "trust": 0.1,
        "url": "http://download.fedoralegacy.org/redhat/7.3/updates/i386/squid-2.4.stable7-0.73.3.legacy.i386.rpm"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0718"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0626"
      },
      {
        "trust": 0.1,
        "url": "http://download.fedoralegacy.org/redhat/9/updates/srpms/squid-2.5.stable1-9.10.legacy.src.rpm"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152809"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-1999-0710"
      },
      {
        "trust": 0.1,
        "url": "http://download.fedoralegacy.org/fedora/1/updates/srpms/squid-2.5.stable3-2.fc1.6.legacy.src.rpm"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0211"
      },
      {
        "trust": 0.1,
        "url": "http://www.fedoralegacy.org/about/security.php"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0174"
      },
      {
        "trust": 0.1,
        "url": "http://download.fedoralegacy.org/fedora/2/updates/i386/squid-2.5.stable9-1.fc2.4.legacy.i386.rpm"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0094"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-1519"
      },
      {
        "trust": 0.1,
        "url": "http://download.fedoralegacy.org/fedora/1/updates/i386/squid-2.5.stable3-2.fc1.6.legacy.i386.rpm"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0173"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0194"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2796"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0095"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-2479"
      },
      {
        "trust": 0.1,
        "url": "http://www.fedoralegacy.org"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0918"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0097"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0832"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2794"
      },
      {
        "trust": 0.1,
        "url": "http://www.fedoralegacy.org/docs"
      },
      {
        "trust": 0.1,
        "url": "http://download.fedoralegacy.org/fedora/2/updates/srpms/squid-2.5.stable9-1.fc2.4.legacy.src.rpm"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0446"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#768702"
      },
      {
        "db": "CERT/CC",
        "id": "VU#625878"
      },
      {
        "db": "BID",
        "id": "12433"
      },
      {
        "db": "BID",
        "id": "9804"
      },
      {
        "db": "BID",
        "id": "13435"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000066"
      },
      {
        "db": "PACKETSTORM",
        "id": "36038"
      },
      {
        "db": "PACKETSTORM",
        "id": "44000"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200502-008"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-0175"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#768702"
      },
      {
        "db": "CERT/CC",
        "id": "VU#625878"
      },
      {
        "db": "BID",
        "id": "12433"
      },
      {
        "db": "BID",
        "id": "9804"
      },
      {
        "db": "BID",
        "id": "13435"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000066"
      },
      {
        "db": "PACKETSTORM",
        "id": "36038"
      },
      {
        "db": "PACKETSTORM",
        "id": "44000"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200502-008"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-0175"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-02-04T00:00:00",
        "db": "CERT/CC",
        "id": "VU#768702"
      },
      {
        "date": "2005-02-04T00:00:00",
        "db": "CERT/CC",
        "id": "VU#625878"
      },
      {
        "date": "2005-02-02T00:00:00",
        "db": "BID",
        "id": "12433"
      },
      {
        "date": "2004-03-04T00:00:00",
        "db": "BID",
        "id": "9804"
      },
      {
        "date": "2005-04-23T00:00:00",
        "db": "BID",
        "id": "13435"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2004-000066"
      },
      {
        "date": "2005-02-06T05:17:53",
        "db": "PACKETSTORM",
        "id": "36038"
      },
      {
        "date": "2006-02-20T20:39:21",
        "db": "PACKETSTORM",
        "id": "44000"
      },
      {
        "date": "2005-02-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200502-008"
      },
      {
        "date": "2005-02-07T05:00:00",
        "db": "NVD",
        "id": "CVE-2005-0175"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-03-05T00:00:00",
        "db": "CERT/CC",
        "id": "VU#768702"
      },
      {
        "date": "2007-08-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#625878"
      },
      {
        "date": "2007-02-22T02:16:00",
        "db": "BID",
        "id": "12433"
      },
      {
        "date": "2004-03-04T00:00:00",
        "db": "BID",
        "id": "9804"
      },
      {
        "date": "2005-04-23T00:00:00",
        "db": "BID",
        "id": "13435"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2004-000066"
      },
      {
        "date": "2005-10-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200502-008"
      },
      {
        "date": "2025-04-03T01:03:51.193000",
        "db": "NVD",
        "id": "CVE-2005-0175"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "12433"
      },
      {
        "db": "BID",
        "id": "9804"
      },
      {
        "db": "BID",
        "id": "13435"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple devices process HTTP requests inconsistently",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#768702"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input Validation Error",
    "sources": [
      {
        "db": "BID",
        "id": "12433"
      },
      {
        "db": "BID",
        "id": "9804"
      },
      {
        "db": "BID",
        "id": "13435"
      }
    ],
    "trust": 0.9
  }
}

VAR-201008-0392

Vulnerability from variot - Updated: 2022-05-17 01:51

Squid is a powerful proxy server and web cache server. There is a logic error when receiving a very long DNS response. If a very long DNS response is returned to a Squid server that does not have an IPv6 resolver configured, an assertion error can be triggered, causing the service to crash.



TITLE: Squid Long DNS Replies Denial of Service Vulnerability

SECUNIA ADVISORY ID: SA41090

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41090/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41090

RELEASE DATE: 2010-08-28


DESCRIPTION: A vulnerability has been reported in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is reported in versions 3.1.5.1 and 3.1.6. Prior versions may also be affected.

SOLUTION: Update to version 3.1.7.


PROVIDED AND/OR DISCOVERED BY: Stephen Thorne

ORIGINAL ADVISORY: Squid 3.1.7 Announcement: http://marc.info/?l=squid-users&m=128263555724981&w=2

Squid Bug #3021: http://bugs.squid-cache.org/show_bug.cgi?id=3021






{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201008-0392",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "squid",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "squid",
        "version": "3.1.6"
      },
      {
        "model": "squid",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "squid",
        "version": "3.1.5.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-1693"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Secunia",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "93260"
      }
    ],
    "trust": 0.1
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Squid is a powerful proxy server and web cache server. There is a logic error when receiving a very long DNS response. If a very long DNS response is returned to a Squid server that does not have an IPv6 resolver configured, an assertion error can be triggered, causing the service to crash. ----------------------------------------------------------------------\n\n\nList of products vulnerable to insecure library loading vulnerabilities:\nhttp://secunia.com/_%22insecure%20library%20loading%22\n\nThe list is continuously updated as we confirm the vulnerability reports\nso check back regularly too see if any of your apps are affected. \n\n\n----------------------------------------------------------------------\n\nTITLE:\nSquid Long DNS Replies Denial of Service Vulnerability\n\nSECUNIA ADVISORY ID:\nSA41090\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/41090/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41090\n\nRELEASE DATE:\n2010-08-28\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/41090/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/41090/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41090\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Squid, which can be exploited by\nmalicious people to cause a DoS (Denial of Service). 
\n\nThe vulnerability is reported in version 3.1.5.1 and 3.1.6. Prior\nversions may also be affected. \n\nSOLUTION:\nUpdate to version 3.1.7. \n\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nPROVIDED AND/OR DISCOVERED BY:\nStephen Thorne\n\nORIGINAL ADVISORY:\nSquid 3.1.7 Announcement:\nhttp://marc.info/?l=squid-users\u0026m=128263555724981\u0026w=2\n\nSquid Bug #3021:\nhttp://bugs.squid-cache.org/show_bug.cgi?id=3021\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-1693"
      },
      {
        "db": "PACKETSTORM",
        "id": "93260"
      }
    ],
    "trust": 0.63
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SECUNIA",
        "id": "41090",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-1693",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "93260",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-1693"
      },
      {
        "db": "PACKETSTORM",
        "id": "93260"
      }
    ]
  },
  "id": "VAR-201008-0392",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-1693"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-1693"
      }
    ]
  },
  "last_update_date": "2022-05-17T01:51:49.011000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Squid\u0027s long DNS reply denial of service patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/881"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-1693"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 0.7,
        "url": "http://secunia.com/advisories/41090/"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=squid-users\u0026m=128263555724981\u0026w=2"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41090"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/evm/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/_%22insecure%20library%20loading%22"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/41090/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.squid-cache.org/show_bug.cgi?id=3021"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-1693"
      },
      {
        "db": "PACKETSTORM",
        "id": "93260"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-1693"
      },
      {
        "db": "PACKETSTORM",
        "id": "93260"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-08-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2010-1693"
      },
      {
        "date": "2010-08-30T09:52:39",
        "db": "PACKETSTORM",
        "id": "93260"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-08-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2010-1693"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Squid Long DNS Reply Denial of Service Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-1693"
      }
    ],
    "trust": 0.6
  }
}

VAR-201009-0314

Vulnerability from variot - Updated: 2022-05-04 09:06

Squid is a powerful proxy server and web cache server. Some internal squid string handlers do not properly check for null pointers. Sending a specially constructed request can result in a null pointer reference, causing the server to crash.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201009-0314",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "squid",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "squid",
        "version": "3.2.0.2"
      },
      {
        "model": "squid",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "squid",
        "version": "3.1.8"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-1863"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Squid is a powerful proxy server and web cache server. Some internal squid string handlers do not properly check for null pointers. Sending a specially constructed request can result in a null pointer reference, causing the server to crash.",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-1863"
      }
    ],
    "trust": 0.6
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-1863",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-1863"
      }
    ]
  },
  "id": "VAR-201009-0314",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-1863"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-1863"
      }
    ]
  },
  "last_update_date": "2022-05-04T09:06:16.329000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Squid string handling null pointer application denial of service vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/937"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-1863"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 0.6,
        "url": "http://www.squid-cache.org/advisories/squid-2010_3.txthttp"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-1863"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-1863"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-09-07T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2010-1863"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-09-07T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2010-1863"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Squid String Handling Null Pointer Application Denial of Service Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-1863"
      }
    ],
    "trust": 0.6
  }
}

CERTFR-2025-AVI-0889

Vulnerability from certfr_avis - Published: 2025-10-17 - Updated: 2025-10-17

A vulnerability has been discovered in Squid. It allows an attacker to compromise data confidentiality.

Solutions

Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

Impacted products
Vendor | Product | Description
Squid | Squid | squid versions 7.x prior to 7.2

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "squid versions 7.x ant\u00e9rieures \u00e0 7.2",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-62168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62168"
    }
  ],
  "initial_release_date": "2025-10-17T00:00:00",
  "last_revision_date": "2025-10-17T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0889",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Squid. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Vuln\u00e9rabilit\u00e9 dans Squid",
  "vendor_advisories": [
    {
      "published_at": "2025-10-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Squid GHSA-c8cc-phh7-xmxr",
      "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-c8cc-phh7-xmxr"
    }
  ]
}

CERTFR-2025-AVI-0647

Vulnerability from certfr_avis - Published: 2025-08-01 - Updated: 2025-08-01

A vulnerability has been discovered in Squid. It allows an attacker to achieve remote arbitrary code execution.

Solutions

Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

Impacted products
Vendor | Product | Description
Squid | Squid | squid versions prior to 6.4

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "squid versions ant\u00e9rieures \u00e0 6.4",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-54574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54574"
    }
  ],
  "initial_release_date": "2025-08-01T00:00:00",
  "last_revision_date": "2025-08-01T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0647",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-08-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Squid. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.",
  "title": "Vuln\u00e9rabilit\u00e9 dans Squid",
  "vendor_advisories": [
    {
      "published_at": "2025-07-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Squid GHSA-w4gv-vw3f-29g3",
      "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-w4gv-vw3f-29g3"
    }
  ]
}

CERTFR-2024-AVI-0928

Vulnerability from certfr_avis - Published: 2024-10-28 - Updated: 2024-10-28

A vulnerability has been discovered in Squid. It allows an attacker to cause a remote denial of service.

Solutions

Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

Impacted products
Vendor | Product | Description
Squid | Squid | Squid versions later than 3.0 and prior to 6.10 without the --disable-esi build option

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Squid versions post\u00e9rieures \u00e0 3.0 et ant\u00e9rieures \u00e0 6.10 sans l\u0027option de compilation --disable-esi",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-45802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45802"
    }
  ],
  "initial_release_date": "2024-10-28T00:00:00",
  "last_revision_date": "2024-10-28T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0928",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-10-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Squid. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
  "title": "Vuln\u00e9rabilit\u00e9 dans Squid",
  "vendor_advisories": [
    {
      "published_at": "2024-10-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Squid GHSA-f975-v7qw-q7hj",
      "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj"
    }
  ]
}

CERTFR-2024-AVI-0182

Vulnerability from certfr_avis - Published: 2024-03-05 - Updated: 2024-03-05

A vulnerability has been discovered in Squid products. It allows an attacker to cause a remote denial of service.

Solution

Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

Impacted products
Vendor | Product | Description
Squid | Squid | squid versions prior to 6.8

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "squid versions ant\u00e9rieures \u00e0 6.8",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-25111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25111"
    }
  ],
  "initial_release_date": "2024-03-05T00:00:00",
  "last_revision_date": "2024-03-05T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0182",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-03-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan class=\"textit\"\u003eles\nproduits Squid\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni\nde service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits Squid",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid GHSA-72c2-c3wm-8qxc du 05 mars 2024",
      "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-72c2-c3wm-8qxc"
    }
  ]
}

CERTFR-2024-AVI-0135

Vulnerability from certfr_avis - Published: 2024-02-15 - Updated: 2024-02-15

A vulnerability has been discovered in Squid. It allows an attacker to cause a remote denial of service.

Solution

Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

Impacted products
Vendor | Product | Description
Squid | Squid | Squid versions prior to 6.5

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Squid versions ant\u00e9rieures \u00e0 6.5",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-25617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25617"
    }
  ],
  "initial_release_date": "2024-02-15T00:00:00",
  "last_revision_date": "2024-02-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0135",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-02-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Squid. Elle permet \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Squid",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid du 14 f\u00e9vrier 2024",
      "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-h5x6-w8mv-xfpr"
    }
  ]
}

CERTFR-2023-AVI-1030

Vulnerability from certfr_avis - Published: 2023-12-14 - Updated: 2023-12-14

A vulnerability has been discovered in Squid. It allows an attacker to cause a remote denial of service.

Solution

Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

Impacted products
Vendor | Product | Description
Squid | Squid | Squid versions 2.6.x to 6.5.x prior to 6.6

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Squid versions 2.6.x \u00e0 6.5.x ant\u00e9rieures \u00e0 6.6",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-50269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50269"
    }
  ],
  "initial_release_date": "2023-12-14T00:00:00",
  "last_revision_date": "2023-12-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-1030",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-12-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan\nclass=\"textit\"\u003eSquid\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer un\nd\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Squid",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid GHSA-wgq4-4cfg-c4x3 du 14 d\u00e9cembre 2023",
      "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3"
    }
  ]
}

CERTFR-2023-AVI-0993

Vulnerability from certfr_avis - Published: 2023-12-04 - Updated: 2023-12-04

Multiple vulnerabilities have been discovered in Squid. They allow an attacker to cause a remote denial of service.

Solution

Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

Impacted products
Vendor | Product | Description
Squid | Squid | Squid versions prior to 6.5

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Squid versions ant\u00e9rieures \u00e0 6.5",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-49286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49286"
    },
    {
      "name": "CVE-2023-49285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49285"
    }
  ],
  "initial_release_date": "2023-12-04T00:00:00",
  "last_revision_date": "2023-12-04T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Squid CVE-2023-49285 du 02 d\u00e9cembre 2023",
      "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Squid CVE-2023-49286 du 02 d\u00e9cembre 2023",
      "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27"
    }
  ],
  "reference": "CERTFR-2023-AVI-0993",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-12-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Squid. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Squid",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid CVE-2023-49286 du 02 d\u00e9cembre 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid GHSA-rj5h-46j6-q2g5 du 02 d\u00e9cembre 2023",
      "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid CVE-2023-49285 du 02 d\u00e9cembre 2023",
      "url": null
    }
  ]
}

CERTFR-2023-AVI-0902

Vulnerability from certfr_avis - Published: 2023-11-02 - Updated: 2023-11-02

A vulnerability has been discovered in Squid. It allows an attacker to cause a remote denial of service.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor | Product | Description
Squid | Squid | Squid versions 3.3.0.1 to 6.3.x earlier than 6.4

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Squid versions 3.3.0.1 \u00e0 6.3.x ant\u00e9rieures \u00e0 6.4",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-46724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46724"
    }
  ],
  "initial_release_date": "2023-11-02T00:00:00",
  "last_revision_date": "2023-11-02T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0902",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-11-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Squid. Elle permet \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Squid",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid CVE-2023-46724 du 01 novembre 2023",
      "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3"
    }
  ]
}

CERTFR-2023-AVI-0876

Vulnerability from certfr_avis - Published: 2023-10-23 - Updated: 2023-10-23

Multiple vulnerabilities have been discovered in Squid. They allow an attacker to cause a remote denial of service and a security policy bypass.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor | Product | Description
Squid | Squid | Squid versions earlier than 6.4

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Squid versions ant\u00e9rieures \u00e0 6.4",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2023-10-23T00:00:00",
  "last_revision_date": "2023-10-23T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0876",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-10-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Squid. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et\nun contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Squid",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2023:1 du 21 octobre 2023",
      "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2023:2 du 21 octobre 2023",
      "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2023:5 du 21 octobre 2023",
      "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2021:8 du 27 septembre 2023",
      "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2023:3 du 21 octobre 2023",
      "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g"
    }
  ]
}

CERTFR-2020-AVI-393

Vulnerability from certfr_avis - Published: 2020-06-29 - Updated: 2020-06-29

A vulnerability has been discovered in Squid. It allows an attacker to cause a security policy bypass and a breach of data integrity.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor | Product | Description
Squid | Squid | Squid versions earlier than 4.12
Squid | Squid | Squid versions 5.0.x earlier than 5.0.3

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Squid versions ant\u00e9rieures \u00e0 4.12",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    },
    {
      "description": "Squid versions 5.0.x ant\u00e9rieures \u00e0 5.0.3",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-15049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15049"
    }
  ],
  "initial_release_date": "2020-06-29T00:00:00",
  "last_revision_date": "2020-06-29T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-393",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-06-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Squid. Elle permet \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9 et\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Squid",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid du 26 juin 2020",
      "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5"
    }
  ]
}

CERTFR-2020-AVI-239

Vulnerability from certfr_avis - Published: 2020-04-23 - Updated: 2020-04-23

Multiple vulnerabilities have been discovered in Squid. They allow an attacker to cause remote arbitrary code execution, a remote denial of service and a security policy bypass.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor | Product | Description
Squid | Squid | Squid versions earlier than 4.11
Squid | Squid | Squid versions 5.0.x earlier than 5.0.2

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Squid versions ant\u00e9rieures \u00e0 4.11",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    },
    {
      "description": "Squid versions 5.0.x ant\u00e9rieures \u00e0 5.0.2",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-12519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12519"
    },
    {
      "name": "CVE-2019-12521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12521"
    },
    {
      "name": "CVE-2020-11945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11945"
    }
  ],
  "initial_release_date": "2020-04-23T00:00:00",
  "last_revision_date": "2020-04-23T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-239",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-04-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Squid. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Squid",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2019_12 du 23 avril 2020",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2019_12.txt"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2020_4 du 23 avril 2020",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2020_4.txt"
    }
  ]
}

CERTFR-2020-AVI-070

Vulnerability from certfr_avis - Published: 2020-02-04 - Updated: 2020-02-04

Multiple vulnerabilities have been discovered in Squid. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a security policy bypass.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor | Product | Description
Squid | Squid | Squid 3.5.x without the latest security patch
Squid | Squid | Squid versions earlier than 4.10

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Squid 3.5.x sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    },
    {
      "description": "Squid versions ant\u00e9rieures \u00e0 4.10",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-8450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8450"
    },
    {
      "name": "CVE-2020-8517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8517"
    },
    {
      "name": "CVE-2019-12528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12528"
    },
    {
      "name": "CVE-2020-8449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8449"
    }
  ],
  "initial_release_date": "2020-02-04T00:00:00",
  "last_revision_date": "2020-02-04T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-070",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-02-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Squid. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Squid",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2020_3 du 04 f\u00e9vrier 2020",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2020_3.txt"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2020_1 du 04 f\u00e9vrier 2020",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2020_2 du 04 f\u00e9vrier 2020",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2020_2.txt"
    }
  ]
}

CERTFR-2019-AVI-552

Vulnerability from certfr_avis - Published: 2019-11-12 - Updated: 2019-11-12

Multiple vulnerabilities have been discovered in Squid. They allow an attacker to cause remote arbitrary code execution, a breach of data confidentiality and remote cross-site scripting (XSS).

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor | Product | Description
Squid | Squid | Squid versions 2.x
Squid | Squid | Squid versions 3.x
Squid | Squid | Squid versions 4.x earlier than 4.9

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Squid versions 2.x",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    },
    {
      "description": "Squid versions 3.x",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    },
    {
      "description": "Squid versions 4.x ant\u00e9rieures \u00e0 4.9",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-12523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12523"
    },
    {
      "name": "CVE-2019-18679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18679"
    },
    {
      "name": "CVE-2019-12526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12526"
    },
    {
      "name": "CVE-2019-18676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18676"
    },
    {
      "name": "CVE-2019-18678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18678"
    },
    {
      "name": "CVE-2019-18677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18677"
    }
  ],
  "initial_release_date": "2019-11-12T00:00:00",
  "last_revision_date": "2019-11-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-552",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-11-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Squid. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\ninjection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Squid",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SQUID-2019:10 du 05 novembre 2019",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2019_10.txt"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SQUID-2019:11 du 05 novembre 2019",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2019_11.txt"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SQUID-2019:09 du 05 novembre 2019",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2019_9.txt"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SQUID-2019:08 du 05 novembre 2019",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SQUID-2019:07 du 05 novembre 2019",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2019_7.txt"
    }
  ]
}

CERTFR-2019-AVI-332

Vulnerability from certfr_avis - Published: 2019-07-15 - Updated: 2019-07-15

Multiple vulnerabilities have been discovered in Squid. They allow an attacker to cause remote arbitrary code execution, a remote denial of service and a breach of data confidentiality.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor | Product | Description
Squid | Squid | Squid versions earlier than 4.8

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Squid versions ant\u00e9rieures \u00e0 4.8",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-12527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12527"
    },
    {
      "name": "CVE-2019-13345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13345"
    },
    {
      "name": "CVE-2019-12854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12854"
    },
    {
      "name": "CVE-2019-12529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12529"
    },
    {
      "name": "CVE-2019-12525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12525"
    }
  ],
  "initial_release_date": "2019-07-15T00:00:00",
  "last_revision_date": "2019-07-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-332",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-07-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Squid. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Squid",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2019_1 du 12 juillet 2019",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2019_1.txt"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2019_5 du 12 juillet 2019",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2019_5.txt"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2019_6 du 12 juillet 2019",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2019_6.txt"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2019_2 du 12 juillet 2019",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2019_2.txt"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2019_3 du 12 juillet 2019",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2019_3.txt"
    }
  ]
}

CERTFR-2018-AVI-518

Vulnerability from certfr_avis - Published: 2018-10-29 - Updated: 2018-10-29

Multiple vulnerabilities have been discovered in Squid. They allow an attacker to cause a remote denial of service and remote cross-site scripting (XSS).

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor | Product | Description
Squid | Squid | Squid versions 3.5 and earlier without the latest security patch
Squid | Squid | Squid versions earlier than 4.4

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Squid versions 3.5 et ant\u00e9rieures sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    },
    {
      "description": "Squid versions ant\u00e9rieures \u00e0 4.4",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2018-10-29T00:00:00",
  "last_revision_date": "2018-10-29T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-518",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-10-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Squid . Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et\nune injection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Squid",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2018_5 du 28 octobre 2018",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2018_5.txt"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2018_4 du 28 octobre 2018",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2018_4.txt"
    }
  ]
}

CERTFR-2018-AVI-192

Vulnerability from certfr_avis - Published: 2018-04-23 - Updated: 2018-04-23

A vulnerability has been discovered in Squid. It allows an attacker to cause a remote denial of service.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor | Product | Description
Squid | Squid | Squid versions earlier than 4.0.13

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Squid versions ant\u00e9rieures \u00e0 4.0.13",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-1172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1172"
    }
  ],
  "initial_release_date": "2018-04-23T00:00:00",
  "last_revision_date": "2018-04-23T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-192",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-04-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Squid . Elle permet \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Squid",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2018_3 du 18 avril 2018",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2018_3.txt"
    }
  ]
}

CERTFR-2018-AVI-046

Vulnerability from certfr_avis - Published: 2018-01-22 - Updated: 2018-01-22

Multiple vulnerabilities have been discovered in Squid. They allow an attacker to cause a remote denial of service.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor | Product | Description
Squid | Squid | Squid versions 3.x earlier than 3.5.27
Squid | Squid | Squid versions 4.x earlier than 4.0.22

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Squid versions 3.x ant\u00e9rieures \u00e0 3.5.27",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    },
    {
      "description": "Squid versions 4.x ant\u00e9rieures \u00e0 4.0.22",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2018-01-22T00:00:00",
  "last_revision_date": "2018-01-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-046",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-01-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Squid . Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Squid",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2018:2 du 19 janvier 2018",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2018_2.txt"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2018:1 du 19 janvier 2018",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2018_1.txt"
    }
  ]
}

CERTFR-2016-AVI-422

Vulnerability from certfr_avis - Published: 2016-12-19 - Updated: 2016-12-19

Multiple vulnerabilities have been fixed in Squid. They allow an attacker to cause a breach of data confidentiality.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor | Product | Description
Squid | Squid | Squid versions 3.1 to 3.5.22
Squid | Squid | Squid versions 4.0 to 4.0.16

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Squid versions 3.1 \u00e0 3.5.22",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    },
    {
      "description": "Squid versions 4.0 \u00e0 4.0.16",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-10003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10003"
    },
    {
      "name": "CVE-2016-10002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10002"
    }
  ],
  "initial_release_date": "2016-12-19T00:00:00",
  "last_revision_date": "2016-12-19T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2016:10 du 16 d\u00e9cembre    2016",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2016_10.txt"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2016:11 du 16 d\u00e9cembre    2016",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2016_11.txt"
    }
  ],
  "reference": "CERTFR-2016-AVI-422",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-12-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eSquid\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Squid",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2016:10 du 16 d\u00e9cembre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2016:11 du 16 d\u00e9cembre 2016",
      "url": null
    }
  ]
}

CERTFR-2016-AVI-157

Vulnerability from certfr_avis - Published: 2016-05-09 - Updated: 2016-05-09

Multiple vulnerabilities have been fixed in Squid. They allow an attacker to cause a remote denial of service and a security policy bypass.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products

| Vendor | Product | Description |
|---|---|---|
| Squid | Squid | Squid versions earlier than 3.5.18 |
| Squid | Squid | Squid 4.x versions earlier than 4.0.10 |


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Squid versions ant\u00e9rieures \u00e0 3.5.18",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    },
    {
      "description": "Squid versions 4.x ant\u00e9rieures \u00e0 4.0.10",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-4556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4556"
    },
    {
      "name": "CVE-2016-4553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4553"
    },
    {
      "name": "CVE-2016-4555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4555"
    },
    {
      "name": "CVE-2016-4554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4554"
    }
  ],
  "initial_release_date": "2016-05-09T00:00:00",
  "last_revision_date": "2016-05-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2016-AVI-157",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-05-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eSquid\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Squid",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2016:8 du 06 mai 2016",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2016_8.txt"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2016:9 du 06 mai 2016",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2016_9.txt"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2016:7 du 06 mai 2016",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2016_7.txt"
    }
  ]
}

CERTFR-2016-AVI-141

Vulnerability from certfr_avis - Published: 2016-04-21 - Updated: 2016-04-21

Multiple vulnerabilities have been fixed in Squid. They allow an attacker to cause remote arbitrary code execution, a remote denial of service and a breach of data confidentiality.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products

| Vendor | Product | Description |
|---|---|---|
| Squid | Squid | Squid 3.x versions earlier than 3.5.17 |
| Squid | Squid | Squid 4.x versions earlier than 4.0.9 |

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Squid 3.x versions ant\u00e9rieures \u00e0 3.5.17",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    },
    {
      "description": "Squid 4.x versions ant\u00e9rieures \u00e0 4.0.9",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-4053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4053"
    },
    {
      "name": "CVE-2016-4051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4051"
    },
    {
      "name": "CVE-2016-4054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4054"
    },
    {
      "name": "CVE-2016-4052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4052"
    }
  ],
  "initial_release_date": "2016-04-21T00:00:00",
  "last_revision_date": "2016-04-21T00:00:00",
  "links": [],
  "reference": "CERTFR-2016-AVI-141",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-04-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eSquid\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Squid",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2016:6 du 20 avril 2016",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2016:5 du 20 avril 2016",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2016_5.txt"
    }
  ]
}

CERTFR-2016-AVI-112

Vulnerability from certfr_avis - Published: 2016-04-04 - Updated: 2016-04-04

Multiple vulnerabilities have been fixed in Squid. They allow an attacker to cause a remote denial of service and a breach of data confidentiality.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products

| Vendor | Product | Description |
|---|---|---|
| Squid | Squid | Squid 3.x versions earlier than 3.1.16 |
| Squid | Squid | Squid 4.x versions earlier than 4.0.8 |

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Squid versions 3.x ant\u00e9rieures \u00e0 3.1.16",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    },
    {
      "description": "Squid versions 4.x ant\u00e9rieures \u00e0 4.0.8",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-3948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3948"
    },
    {
      "name": "CVE-2016-3947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3947"
    }
  ],
  "initial_release_date": "2016-04-04T00:00:00",
  "last_revision_date": "2016-04-04T00:00:00",
  "links": [],
  "reference": "CERTFR-2016-AVI-112",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-04-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eSquid\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Squid",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2016:4 du 02 avril 2016",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2016_4.txt"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2016:3 du 02 avril 2016",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2016_3.txt"
    }
  ]
}

CERTFR-2016-AVI-067

Vulnerability from certfr_avis - Published: 2016-02-17 - Updated: 2016-02-17

A vulnerability has been fixed in Squid. It allows an attacker to cause a remote denial of service.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products

| Vendor | Product | Description |
|---|---|---|
| Squid | Squid | Squid versions earlier than 4.0.6 |
| Squid | Squid | Squid versions earlier than 3.5.14 |

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Squid versions ant\u00e9rieures \u00e0 4.0.6",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    },
    {
      "description": "Squid versions ant\u00e9rieures \u00e0 3.5.14",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2016-02-17T00:00:00",
  "last_revision_date": "2016-02-17T00:00:00",
  "links": [],
  "reference": "CERTFR-2016-AVI-067",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-02-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eSquid\u003c/span\u003e.\nElle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Squid",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2016:1 du 16 f\u00e9vrier 2016",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2016_1.txt"
    }
  ]
}

CERTFR-2015-AVI-200

Vulnerability from certfr_avis - Published: 2015-05-04 - Updated: 2015-05-04

A vulnerability has been fixed in Squid. It allows an attacker to bypass the security policy.

Temporary workaround

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products

| Vendor | Product | Description |
|---|---|---|
| Squid | Squid | versions 3.4 to 3.4.12 |
| Squid | Squid | versions 3.3 to 3.3.13 |
| Squid | Squid | versions 3.2 to 3.2.13 |
| Squid | Squid | versions 3.5 to 3.5.3 |

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "versions 3.4 \u00e0 3.4.12",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    },
    {
      "description": "versions 3.3 \u00e0 3.3.13",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    },
    {
      "description": "versions 3.2 \u00e0 3.2.13",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    },
    {
      "description": "versions 3.5 \u00e0 3.5.3",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-3455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3455"
    }
  ],
  "initial_release_date": "2015-05-04T00:00:00",
  "last_revision_date": "2015-05-04T00:00:00",
  "links": [],
  "reference": "CERTFR-2015-AVI-200",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-05-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eSquid\u003c/span\u003e.\nElle permet \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Squid",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid du 01 mai 2015",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2015_1.txt"
    }
  ]
}

CERTFR-2014-AVI-369

Vulnerability from certfr_avis - Published: 2014-09-02 - Updated: 2014-09-02

A vulnerability has been fixed in Squid. It allows an attacker to cause a remote denial of service.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products

| Vendor | Product | Description |
|---|---|---|
| Squid | Squid | Versions earlier than Squid 3.3.13 |
| Squid | Squid | Versions earlier than Squid 3.4.7 |

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Versions ant\u00e9rieures \u00e0 Squid 3.3.13",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    },
    {
      "description": "versions ant\u00e9rieures \u00e0 Squid 3.4.7",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-3609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3609"
    }
  ],
  "initial_release_date": "2014-09-02T00:00:00",
  "last_revision_date": "2014-09-02T00:00:00",
  "links": [],
  "reference": "CERTFR-2014-AVI-369",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-09-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eSquid\u003c/span\u003e.\nElle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Squid",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid du 28 ao\u00fbt 2014",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2014_2.txt"
    }
  ]
}

CERTFR-2014-AVI-113

Vulnerability from certfr_avis - Published: 2014-03-11 - Updated: 2014-03-11

A vulnerability has been fixed in Squid. It allows an attacker to cause a remote denial of service.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products

| Vendor | Product | Description |
|---|---|---|
| Squid | Squid | Squid versions earlier than 3.3.12 |
| Squid | Squid | Squid versions earlier than 3.4.4 |

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Squid versions ant\u00e9rieures \u00e0 3.3.12",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    },
    {
      "description": "Squid versions ant\u00e9rieures \u00e0 3.4.4",
      "product": {
        "name": "Squid",
        "vendor": {
          "name": "Squid",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-0128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0128"
    }
  ],
  "initial_release_date": "2014-03-11T00:00:00",
  "last_revision_date": "2014-03-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2014-AVI-113",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-03-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eSquid\u003c/span\u003e.\nElle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Squid",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2014:1 du 09 mars 2014",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2014_1.txt"
    }
  ]
}