8.6
CVE-2023-50269
- EPSS 1.15%
- Published 14.12.2023 18:15:45
- Last modified 21.11.2024 08:36:47
- Source security-advisories@github.com
Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform a Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives.
Data is provided by the National Vulnerability Database (NVD)
Squid-cache ≫ Squid Version >= 3.1 <= 5.9
Squid-cache ≫ Squid Version >= 6.0.1 <= 6.5
Squid-cache ≫ Squid Version 2.6
Squid-cache ≫ Squid Version 2.7 Update -
Squid-cache ≫ Squid Version 2.7 Update stable1
Squid-cache ≫ Squid Version 2.7 Update stable2
Squid-cache ≫ Squid Version 2.7 Update stable3
Squid-cache ≫ Squid Version 2.7 Update stable4
Squid-cache ≫ Squid Version 2.7 Update stable5
Squid-cache ≫ Squid Version 2.7 Update stable6
Squid-cache ≫ Squid Version 2.7 Update stable7
Squid-cache ≫ Squid Version 2.7 Update stable8
Squid-cache ≫ Squid Version 2.7 Update stable9
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 1.15% | 0.777 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
security-advisories@github.com | 8.6 | 3.9 | 4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
CWE-674 Uncontrolled Recursion
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.