
Squid < 3.1.23 / 3.2.x < 3.2.6 / 3.3.x < 3.3.0.3 cachemgr.cgi DoS

Medium

Synopsis

The remote proxy server is vulnerable to a Denial of Service (DoS) attack.

Description

Squid versions prior to 3.1.23, 3.2.x prior to 3.2.6, and 3.3.x prior to 3.3.0.3 are potentially affected by a denial of service vulnerability. The included 'cachemgr.cgi' tool reportedly lacks input validation, which could be abused by any client able to access that tool to perform a denial of service attack on the service host.

Note that this fix was issued because the earlier fix for CVE-2012-5643 was incomplete.

Solution

Upgrade to Squid version 3.1.23 / 3.2.6 / 3.3.0.3 or later, or apply the vendor-supplied patch.
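The version ranges above can be checked against a `Server`/`Via` header or `squid -v` output. The following is an added example, not part of the original advisory or any vendor tooling; the function names and sample banners are constructed for illustration.

```python
import re

# First fixed release on each branch, as listed in the advisory.
FIXED = {(3, 1): (3, 1, 23, 0), (3, 2): (3, 2, 6, 0), (3, 3): (3, 3, 0, 3)}

# Matches "squid/3.2.5" (Server/Via headers) and "Squid Cache: Version 3.2.5" (squid -v).
VERSION_RE = re.compile(r"squid(?:/|\s+cache:\s+version\s+)(\d+(?:\.\d+)+)", re.I)


def parse_version(banner):
    """Return the version as a 4-tuple of ints, or None if no Squid version is found."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))[:4]
    return parts + (0,) * (4 - len(parts))


def potentially_affected(banner):
    """True/False per the advisory's ranges; None when the banner is not parseable.

    A build with the vendor patch applied still reports the old version,
    so True means "potentially affected", matching the advisory's wording.
    """
    v = parse_version(banner)
    if v is None:
        return None
    if v[:2] < (3, 1):          # everything before the 3.1 branch is < 3.1.23
        return True
    fixed = FIXED.get(v[:2])    # branches after 3.3 have no entry: not affected
    return fixed is not None and v < fixed


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    samples = [
        "Server: squid/3.1.22",
        "Squid Cache: Version 3.2.6",
        "Via: 1.1 proxy.example (squid/3.3.0.2)",
        "Server: squid/3.0.STABLE26",
        "Server: squid/3.4.1",
    ]
    for s in samples:
        print(f"{s!r:45} -> {potentially_affected(s)}")
```

A `True` result calls for confirming whether the vendor-supplied patch is already applied before scheduling the upgrade.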