Computer Security
[EN] securityvulns.ru



CVE: CVE-2009-2855
Status: Candidate
Description: The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.
Severity: Medium
CVSS score: 5
CVSS vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Phase: Assigned (21.08.2010)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2855
References:
 BID : 36091
 CONFIRM : http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=5...
 CONFIRM : http://www.squid-cache.org/bugs/show_bug.cgi?id=2541
 CONFIRM : https://bugzilla.redhat.com/show_bug.cgi?id=518182
 MISC : http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=3...
 MISC : http://www.squid-cache.org/bugs/show_bug.cgi?id=2704
 MLIST : [oss-security] 20090720 squid DoS in external auth header parser
 MLIST : [oss-security] 20090803 Re: squid DoS in external auth header parser
 MLIST : [oss-security] 20090804 Re: squid DoS in external auth header parser
 XF : squid-strlistgetitem-dos(52610)
SecurityVulns: squid proxy DoS
 squid proxy server DoS

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


