Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Squid < 2.5.STABLE11 sslConnectTimeout DoS



The remote proxy server is vulnerable to a Denial of Service (DoS) attack.


The remote Squid caching proxy, according to its version number, is vulnerable to an attack where the attacker can cause the Squid proxy to stop servicing valid service requests. The flaw is within the 'sslConnectTimeout' function and stems from the functions inability to parse user-supplied requests. Successful exploitation leads to a loss of availability.


Upgrade to version 2.5.STABLE11 or higher.