CVE-2009-0478

Published: 08/02/2009 | Updated: 11/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote malicious users to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c.

Vulnerable Product

squid squid 2.7.stable2

squid squid 2.7.stable1

squid squid 3.0.stable6

squid squid 3.0.stable5

squid squid 3.1.0.2

squid squid 3.1.0.3

squid squid 2.7.stable5

squid squid 3.0.stable12

squid squid 3.0.stable4

squid squid 3.0.stable3

squid squid 3.1.0.4

squid squid 3.0.stable11

squid squid 3.0.stable10

squid squid 3.0.stable2

squid squid 3.0.stable1

squid squid 2.7.stable4

squid squid 2.7.stable3

squid squid 3.0.stable9

squid squid 3.0.stable8

squid squid 3.0.stable7

squid squid 3.1

squid squid 3.1.0.1

Vendor Advisories

Joshua Morin, Mikko Varpiola and Jukka Taimisto discovered that Squid did not properly validate the HTTP version when processing requests. A remote attacker could exploit this to cause a denial of service (assertion failure) ...
Joshua Morin, Mikko Varpiola and Jukka Taimisto discovered an assertion error in squid3, a full featured Web Proxy cache, which could lead to a denial of service attack. For the oldstable distribution (etch), this problem has been fixed in version 3.0.PRE5-5+etch1. For the stable distribution (lenny), this problem has been fixed in version 3.0.STAB ...

Exploits

#!usr/bin/perl -w # Reference: # web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0478 # www.securityfocus.com/bid/33604/discuss # This was strictly written for educational purpose. Use it at your own risk. # Author wi ...
Squid versions 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 remote HTTP version parsing denial of service exploit ...