Squid < 3.0.STABLE19 / / 2.6.STABLE23 strListGetItem Function Remote DoS

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.

Synopsis :

The remote proxy server is prone to a denial of service attack.

Description :

According to its banner, the version of the Squid proxy caching server
installed on the remote host is older than 3.0.STABLE19 / /
2.6.STABLE23. A bug in the 'strListGetItem()' function in
'src/HttpHeaderTools.c' can result in an infinite loop when processing
a specially crafted auth header with certain comma delimiters.

A remote attacker may be able to leverage this issue to cause a denial
of service.
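A banner comparison of the kind described above, as an added example that is not the plugin's own code. It checks only the two fixed releases named on this page and reports any other branch, or a banner with no version, as unknown; the sample banners and the host name in them are constructed.

```python
import re

# Fixed releases named on this page, keyed by (major, minor) branch.
# The advisory's version list has a gap ("/ /"); any branch not listed
# here is reported as "unknown" rather than guessed.
FIXED_STABLE = {(3, 0): 19, (2, 6): 23}

# Matches version tokens such as "squid/3.0.STABLE18" in a Server or Via header.
BANNER_RE = re.compile(r"squid/(\d+)\.(\d+)\.STABLE(\d+)", re.IGNORECASE)


def classify_banner(banner):
    """Return 'vulnerable', 'fixed', or 'unknown' for a Squid banner string."""
    m = BANNER_RE.search(banner)
    if not m:
        return "unknown"      # not Squid, version hidden, or another numbering scheme
    major, minor, stable = (int(g) for g in m.groups())
    fixed = FIXED_STABLE.get((major, minor))
    if fixed is None:
        return "unknown"      # branch not covered by the versions on this page
    return "vulnerable" if stable < fixed else "fixed"


# Constructed sample header values, not captured traffic.
SAMPLES = [
    "Server: squid/3.0.STABLE18",
    "Server: squid/3.0.STABLE19",
    "Via: 1.0 proxy.example.internal:3128 (squid/2.6.STABLE22)",
    "Server: squid/2.6.STABLE23",
    "Server: squid/3.1.0.13",
    "Server: squid",
]


def audit(banners):
    """Map each banner to its verdict so results can be reviewed or exported."""
    return {b: classify_banner(b) for b in banners}


if __name__ == "__main__":
    for banner, verdict in audit(SAMPLES).items():
        print(f"{verdict:10} {banner}")
```

A banner check cannot see fixes backported by a distribution, so confirm a "vulnerable" verdict against the installed package's changelog before treating it as final.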

Solution :

Upgrade to Squid version 3.0.STABLE19 / / 2.6.STABLE23 or

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true

Family: Firewalls

Nessus Plugin ID: 44400

Bugtraq ID: 36091

CVE ID: CVE-2009-2855