[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

ALAS-2018-1081

ID: oval:org.secpod.oval:def:1600930Date: (C)2018-09-21   (M)2022-08-29
Class: PATCHFamily: unix




The Squid Software Foundation Squid HTTP Caching Proxy contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request.The Squid Software Foundation Squid HTTP Caching Proxy contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.

Platform:
Amazon Linux AMI
Product:
squid
Reference:
ALAS-2018-1081
CVE-2018-1000024
CVE-2018-1000027
CVE    2
CVE-2018-1000024
CVE-2018-1000027
CPE    146
cpe:/a:squid-cache:squid:3.4.1
cpe:/a:squid-cache:squid:3.4.4
cpe:/a:squid-cache:squid:3.4.2
cpe:/a:squid-cache:squid:3.4.3
...

© SecPod Technologies