Vulnerabilities > Squid

DATE CVE VULNERABILITY TITLE RISK
2009-03-04 CVE-2009-0801 Permissions, Privileges, and Access Controls vulnerability in Squid web Proxy Cache
Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
network
high complexity
squid CWE-264
5.4
2009-02-08 CVE-2009-0478 Improper Input Validation vulnerability in Squid
Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c.
network
low complexity
squid CWE-20
5.0
2008-04-01 CVE-2008-1612 Improper Input Validation vulnerability in Squid 2.6.Stable17
The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error.
network
squid CWE-20
4.3
2007-12-04 CVE-2007-6239 Improper Input Validation vulnerability in Squid web Proxy Cache
The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects.
network
low complexity
squid CWE-20
5.0
2007-03-21 CVE-2007-1560 Remote Denial of Service vulnerability in Squid Proxy TRACE Request
The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error.
network
low complexity
squid
5.0
2007-01-16 CVE-2007-0248 Remote Denial of Service vulnerability in Squid 2.6.Stable6
The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop.
network
low complexity
squid
5.0
2007-01-16 CVE-2007-0247 Resource Management Errors vulnerability in Squid
squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions.
network
low complexity
squid CWE-399
5.0
2005-10-27 CVE-2005-3322 Denial of Service vulnerability in SUSE Linux Squid Proxy SSL Handling
Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL).
network
low complexity
squid suse
5.0
2005-10-20 CVE-2005-3258 Unspecified vulnerability in Squid
The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain "odd" responses.
network
low complexity
squid
5.0
2005-09-30 CVE-2005-2917 Denial Of Service vulnerability in Squid 2.5.9
Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).
network
low complexity
squid
5.0