CVE-2009-2622

high

Description

Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) "missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc.

References

http://www.vupen.com/english/advisories/2009/2013

http://www.squid-cache.org/Versions/v3/3.1/changesets/b9661.patch

http://www.squid-cache.org/Advisories/SQUID-2009_2.txt

http://www.securitytracker.com/id?1022607

http://www.securityfocus.com/bid/35812

http://www.mandriva.com/security/advisories?name=MDVSA-2009:178

http://www.mandriva.com/security/advisories?name=MDVSA-2009:161

http://secunia.com/advisories/36007

Details

Source: Mitre, NVD

Published: 2009-07-28

Updated: 2009-08-12

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High