Published: 16/05/2018 Updated: 09/10/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

This vulnerability allows remote malicious users to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088.

Vulnerable Product	Search on Vulmon	Subscribe to Product
squid-cache squid 3.5.27

An issue was discovered in Squid before 410 It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes (CVE-2019-12528) This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software ...

it was found that Squid, when used as a reverse proxy, did not handle ESI responses properly A malicious web server could use this flaw to crash Squid ...

CWE-476 https://zerodayinitiative.com/advisories/ZDI-18-309 http://www.squid-cache.org/Advisories/SQUID-2018_3.txt https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALAS-2020-1486.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-1172

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect