Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS-2018-1081

Related Vulnerabilities: CVE-2018-1000024   CVE-2018-1000027  

The Squid Software Foundation Squid HTTP Caching Proxy contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request.(CVE-2018-1000027) The Squid Software Foundation Squid HTTP Caching Proxy contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.(CVE-2018-1000024)

Source

ALAS-2018-1081

Amazon Linux AMI Security Advisory: ALAS-2018-1081
Advisory Release Date: 2018-09-19 17:10 Pacific
Advisory Updated Date: 2018-09-19 23:33 Pacific
Severity: Medium
Issue Overview:

The Squid Software Foundation Squid HTTP Caching Proxy contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request.(CVE-2018-1000027)

The Squid Software Foundation Squid HTTP Caching Proxy contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.(CVE-2018-1000024)


Affected Packages:

squid


Issue Correction:
Run yum update squid to update your system.

New Packages:
i686:
    squid-3.5.20-11.35.amzn1.i686
    squid-migration-script-3.5.20-11.35.amzn1.i686
    squid-debuginfo-3.5.20-11.35.amzn1.i686

src:
    squid-3.5.20-11.35.amzn1.src

x86_64:
    squid-debuginfo-3.5.20-11.35.amzn1.x86_64
    squid-3.5.20-11.35.amzn1.x86_64
    squid-migration-script-3.5.20-11.35.amzn1.x86_64

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started