- EPSS 40.98%
- Veröffentlicht 07.02.2005 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:10:38
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack.
- EPSS 50.78%
- Veröffentlicht 07.02.2005 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:10:37
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not ...
- EPSS 16.03%
- Veröffentlicht 27.01.2005 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:06:39
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory al...
- EPSS 9.42%
- Veröffentlicht 25.01.2005 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:10:30
Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption).
- EPSS 68.78%
- Veröffentlicht 15.01.2005 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:10:29
The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU...
- EPSS 8.64%
- Veröffentlicht 15.01.2005 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:10:29
Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses.
- EPSS 10.64%
- Veröffentlicht 11.01.2005 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:10:30
The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference.
- EPSS 1.99%
- Veröffentlicht 31.12.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:10:04
The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory...
- EPSS 10.66%
- Veröffentlicht 03.11.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:06:28
The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be...
CVE-2004-0189
- EPSS 13.81%
- Veröffentlicht 15.03.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:05:07
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the acce...