This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Multiple vulnerabilities has been found and corrected in squid
Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid
2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before
18.104.22.168 allow remote attackers to cause a denial of service (memory
consumption) via (1) invalid Content-Length headers, (2) long POST
requests, or (3) crafted authentication credentials (CVE-2012-5643).
cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and
other versions, allows remote attackers to cause a denial of service
(resource consumption) via a crafted request. NOTE: this issue is due
to an incorrect fix for CVE-2012-5643, possibly involving an incorrect
order of arguments or incorrect comparison (CVE-2013-0189).
The updated packages have been patched to correct these issues.
Update the affected squid and / or squid-cachemgr packages.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : false