Vulnerability Details CVE-2009-2622
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.262
EPSS Ranking 96.1%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/36007
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:161
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:178
- http://www.securityfocus.com/bid/35812
- http://www.securitytracker.com/id?1022607
- http://www.squid-cache.org/Advisories/SQUID-2009_2.txt
- http://www.squid-cache.org/Versions/v3/3.1/changesets/b9661.patch
- http://www.vupen.com/english/advisories/2009/2013
- http://secunia.com/advisories/36007
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:161
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:178
- http://www.securityfocus.com/bid/35812
- http://www.securitytracker.com/id?1022607
- http://www.squid-cache.org/Advisories/SQUID-2009_2.txt
- http://www.squid-cache.org/Versions/v3/3.1/changesets/b9661.patch
- http://www.vupen.com/english/advisories/2009/2013
Products affected by CVE-2009-2622
-
cpe:2.3:a:squid-cache:squid:3.0
-
cpe:2.3:a:squid-cache:squid:3.1
-
cpe:2.3:a:squid-cache:squid:3.1.0.1
-
cpe:2.3:a:squid-cache:squid:3.1.0.2
-
cpe:2.3:a:squid-cache:squid:3.1.0.3
-
cpe:2.3:a:squid-cache:squid:3.1.0.4