icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Squid 3.x < 3.2.9 / 3.3.x < 3.3.3 strHdrAcptLangGetItem DoS

Medium

Synopsis

The remote proxy server is vulnerable to a denial-of-service attack.

Description

Squid version prior to 3.2.9 or 3.3.3 are potentially affected by a denial of service vulnerability. An error exists in the function 'strHdrAcptLangGetItem' in the field 'errorpage.cc' that would allow certain 'Accept-Language' HTTP headers to cause a denial of service condition.

Solution

Upgrade to Squid 3.2.9 / 3.3.3 or later, or apply the vedor-supplied patch