CVE-2012-5643

medium

Description

Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.

References

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html

http://lists.opensuse.org/opensuse-updates/2013-01/msg00052.html

http://lists.opensuse.org/opensuse-updates/2013-01/msg00075.html

http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html

http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html

http://openwall.com/lists/oss-security/2012/12/17/4

http://rhn.redhat.com/errata/RHSA-2013-0505.html

http://secunia.com/advisories/52024

http://secunia.com/advisories/54839

http://ubuntu.com/usn/usn-1713-1

http://www.debian.org/security/2013/dsa-2631

http://www.mandriva.com/security/advisories?name=MDVSA-2013:129

http://www.securitytracker.com/id?1027890

http://www.squid-cache.org/Advisories/SQUID-2012_1.txt

http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10479.patch

http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11714.patch

https://bugs.gentoo.org/show_bug.cgi?id=447596

https://bugzilla.redhat.com/show_bug.cgi?id=887962

https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0368

Details

Source: MITRE

Published: 2012-12-20

Updated: 2016-11-28

Type: CWE-20

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:squid-cache:squid:2.0:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.7:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.7:stable3:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.7:stable4:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:-:pre1:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:-:pre2:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:-:pre3:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:-:pre4:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:-:pre5:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:-:pre6:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:-:pre7:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:rc4:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable10:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable11:rc1:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable16:rc1:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable24:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable25:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.16:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.17:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.18:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.19:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.20:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.21:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:squid-cache:squid:3.3.0.1:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 93294 | SUSE SLES11 Security Update : squid3 (SUSE-SU-2016:2089-1) | Nessus | SuSE Local Security Checks | high |
| 93271 | SUSE SLES11 Security Update : squid3 (SUSE-SU-2016:1996-1) | Nessus | SuSE Local Security Checks | high |
| 80773 | Oracle Solaris Third-Party Patch Update : squid (multiple_vulnerabilities_in_squid) | Nessus | Solaris Local Security Checks | medium |
| 75139 | openSUSE Security Update : squid (openSUSE-SU-2013:1436-1) | Nessus | SuSE Local Security Checks | high |
| 75011 | openSUSE Security Update : squid3 (openSUSE-SU-2013:0162-1) | Nessus | SuSE Local Security Checks | medium |
| 70182 | GLSA-201309-22 : Squid: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 68745 | Oracle Linux 6 : squid (ELSA-2013-0505) | Nessus | Oracle Linux Local Security Checks | medium |
| 66141 | Mandriva Linux Security Advisory : squid (MDVSA-2013:129) | Nessus | Mandriva Local Security Checks | medium |
| 65140 | CentOS 6 : squid (CESA-2013:0505) | Nessus | CentOS Local Security Checks | medium |
| 64960 | Scientific Linux Security Update : squid on SL6.x i386/x86_64 (20130221) | Nessus | Scientific Linux Local Security Checks | medium |
| 64889 | SuSE 11.2 Security Update : squid3 (SAT Patch Number 7336) | Nessus | SuSE Local Security Checks | medium |
| 64867 | Debian DSA-2631-1 : squid3 - denial of service | Nessus | Debian Local Security Checks | medium |
| 64866 | SuSE 10 Security Update : squid (ZYPP Patch Number 8464) | Nessus | SuSE Local Security Checks | medium |
| 64864 | SuSE 11.2 Security Update : squid (SAT Patch Number 7335) | Nessus | SuSE Local Security Checks | medium |
| 64756 | RHEL 6 : squid (RHSA-2013:0505) | Nessus | Red Hat Local Security Checks | medium |
| 64745 | Mandriva Linux Security Advisory : squid (MDVSA-2013:013) | Nessus | Mandriva Local Security Checks | medium |
| 64514 | Fedora 17 : squid-3.2.5-2.fc17 (2013-1625) | Nessus | Fedora Local Security Checks | medium |
| 64513 | Fedora 18 : squid-3.2.5-2.fc18 (2013-1616) | Nessus | Fedora Local Security Checks | medium |
| 6850 | Squid < 3.1.23 / 3.2.x < 3.2.6 / 3.3.x < 3.3.0.3 cachemgr.cgi DoS | Nessus Network Monitor | Web Servers | low |
| 64501 | Squid 2.x / 3.x < 3.1.23 / 3.2.6 / 3.3.0.3 cachemgr.cgi DoS | Nessus | Firewalls | medium |
| 64376 | Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : squid, squid3 vulnerabilities (USN-1713-1) | Nessus | Ubuntu Local Security Checks | medium |
| 63366 | FreeBSD : squid -- denial of service (c37de843-488e-11e2-a5c9-0019996bc1f7) | Nessus | FreeBSD Local Security Checks | medium |
| 63336 | Fedora 16 : squid-3.2.5-1.fc16 (2012-20537) | Nessus | Fedora Local Security Checks | medium |
| 63318 | Squid 2.x / 3.x < 3.1.22 / 3.2.4 / 3.3.0.2 cachemgr.cgi DoS | Nessus | Firewalls | medium |