CVE-2009-2622

EPSS 26.19%
Published 28.07.2009 17:30:01
Last modified 09.04.2025 00:30:58
Source cret@cert.org
Teams watchlist Login
Open Login

Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc.

Affected products Warnungen 0 Metrics 2 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Squid-cache ≫ Squid Version3.0 Editionpre1

Squid-cache ≫ Squid Version3.0 Editionpre2

Squid-cache ≫ Squid Version3.0 Editionpre3

Squid-cache ≫ Squid Version3.0 Editionpre4

Squid-cache ≫ Squid Version3.0 Editionpre5

Squid-cache ≫ Squid Version3.0 Editionpre6

Squid-cache ≫ Squid Version3.0 Editionpre7

Squid-cache ≫ Squid Version3.0 Editionstable1

Squid-cache ≫ Squid Version3.0 Editionstable10

Squid-cache ≫ Squid Version3.0 Editionstable11

Squid-cache ≫ Squid Version3.0 Editionstable12

Squid-cache ≫ Squid Version3.0 Editionstable13

Squid-cache ≫ Squid Version3.0 Editionstable14

Squid-cache ≫ Squid Version3.0 Editionstable15

Squid-cache ≫ Squid Version3.0 Editionstable2

Squid-cache ≫ Squid Version3.0 Editionstable3

Squid-cache ≫ Squid Version3.0 Editionstable4

Squid-cache ≫ Squid Version3.0 Editionstable5

Squid-cache ≫ Squid Version3.0 Editionstable6

Squid-cache ≫ Squid Version3.0 Editionstable7

Squid-cache ≫ Squid Version3.0 Editionstable8

Squid-cache ≫ Squid Version3.0 Editionstable9

Squid-cache ≫ Squid Version3.0 Updaterc1 Editionstable11

Squid-cache ≫ Squid Version3.0 Updaterc4

Squid-cache ≫ Squid Version3.1

Squid-cache ≫ Squid Version3.1.0.1

Squid-cache ≫ Squid Version3.1.0.2

Squid-cache ≫ Squid Version3.1.0.3

Squid-cache ≫ Squid Version3.1.0.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	26.19%	0.959

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/36007

http://www.mandriva.com/security/advisories?name=MDVSA-2009:161

http://www.mandriva.com/security/advisories?name=MDVSA-2009:178

http://www.securityfocus.com/bid/35812

http://www.securitytracker.com/id?1022607

http://www.squid-cache.org/Advisories/SQUID-2009_2.txt

Vendor Advisory

http://www.vupen.com/english/advisories/2009/2013

http://www.squid-cache.org/Versions/v3/3.1/changesets/b9661.patch

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2009-2622

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-2622

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-2622

EUVD