CVE-2009-2622

MEDIUM

Description

Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) "missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc.

References

http://secunia.com/advisories/36007

http://www.mandriva.com/security/advisories?name=MDVSA-2009:161

http://www.mandriva.com/security/advisories?name=MDVSA-2009:178

http://www.securityfocus.com/bid/35812

http://www.securitytracker.com/id?1022607

http://www.squid-cache.org/Advisories/SQUID-2009_2.txt

http://www.squid-cache.org/Versions/v3/3.1/changesets/b9661.patch

http://www.vupen.com/english/advisories/2009/2013

Details

Source: MITRE

Published: 2009-07-28

Updated: 2009-08-12

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM