CVE-2018-1000027

Published: 09/02/2018 Updated: 17/07/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The Squid Software Foundation Squid HTTP Caching Proxy, in versions prior to 4.0.23, contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appears to be exploitable via a remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.

Vulnerable Product

squid-cache squid

debian debian linux 7.0

debian debian linux 8.0

debian debian linux 9.0

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

canonical ubuntu linux 17.10

Vendor Advisories

Synopsis: Moderate: squid security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for squid is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base s ...
Several vulnerabilities have been discovered in Squid3, a fully featured web proxy cache. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-1000024: Louis Dion-Marcil discovered that Squid does not properly handle processing of certain ESI responses. A remote server delivering certain ESI respons ...
Several security issues were fixed in Squid ...
Several security issues were fixed in Squid ...
USN-3557-1 introduced a regression in Squid ...
Debian Bug report logs - #888719: squid3: CVE-2018-1000024: SQUID-2018:1 Denial of Service issue in ESI Response processing. Package: src:squid3; Maintainer for src:squid3 is Luigi Gangitano <luigi@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 29 Jan 2018 05:57:01 UTC; Severity: important ...
Debian Bug report logs - #888720: squid3: CVE-2018-1000027: SQUID-2018:2 Denial of Service issue in HTTP Message processing. Package: src:squid3; Maintainer for src:squid3 is Luigi Gangitano <luigi@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 29 Jan 2018 05:57:04 UTC; Severity: important ...
The Squid Software Foundation Squid HTTP Caching Proxy contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appears to be exploitable via a remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP r ...
The Squid Software Foundation Squid HTTP Caching Proxy, in versions prior to 4.0.23, contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appears to be exploitable via a remote HTTP server responding with an X-Forwarded-For h ...