Squid < 3.1.0.10 HTTP Header Injection Vulnerability

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote proxy server is affected by an HTTP header injection
vulnerability.

Description :

According to its banner, the version of Squid is 0.x, 1.x, 2.x, or
3.x earlier than 3.1.0.10. Such versions are potentially affected by
an HTTP header injection vulnerability. A remote attacker exploiting
this flaw could create a CRLF condition. (CVE-2015-0881)

See also :

http://jvn.jp/en/jp/JVN64455813/index.html
http://www.nessus.org/u?3312aa23

Solution :

Upgrade to Squid version 3.1.0.10 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:ND)
Public Exploit Available : false

Family: Firewalls

Nessus Plugin ID: 82530

Bugtraq ID: 72703

CVE ID: CVE-2015-0881
