Squid

Squid

38 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2005-0175

  • EPSS 81.6%
  • Veröffentlicht 07.02.2005 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack.

5

CVE-2005-0174

  • EPSS 85.95%
  • Veröffentlicht 07.02.2005 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not ...

5

CVE-2004-0918

  • EPSS 68.74%
  • Veröffentlicht 27.01.2005 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory al...

5

CVE-2005-0096

  • EPSS 2.28%
  • Veröffentlicht 25.01.2005 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption).

5

CVE-2005-0095

Exploit
  • EPSS 75.84%
  • Veröffentlicht 15.01.2005 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU...

5

CVE-2005-0094

Exploit
  • EPSS 46.13%
  • Veröffentlicht 15.01.2005 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses.

5

CVE-2005-0097

  • EPSS 48.28%
  • Veröffentlicht 11.01.2005 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference.

5

CVE-2004-2654

  • EPSS 0.51%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory...

5

CVE-2004-0832

  • EPSS 12.29%
  • Veröffentlicht 03.11.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be...

7.5

CVE-2004-0189

Exploit
  • EPSS 5.08%
  • Veröffentlicht 15.03.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the acce...