Vulnerability in N/a
CVE-2009-0478
Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpSt…
EPSS: 0.771 (99.0th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
References
- 33604 (vdb-entry, x_refsource_BID)
- 33731 (x_refsource_SECUNIA, third-party-advisory)
- GLSA-200903-38 (vendor-advisory, x_refsource_GENTOO)
- 20090204 Squid Proxy Cache Denial of Service in request handling (mailing-list, x_refsource_BUGTRAQ)
- SUSE-SR:2009:005 (vendor-advisory, x_refsource_SUSE)
- bugzilla.redhat.com/show_bug.cgi (x_refsource_CONFIRM)
- www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch (x_refsource_CONFIRM)
- 1021684 (vdb-entry, x_refsource_SECTRACK)
- www.squid-cache.org/Advisories/SQUID-2009_1.txt (x_refsource_CONFIRM)
- MDVSA-2009:034 (vendor-advisory, x_refsource_MANDRIVA)