Vulnerabilities > Squid > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-09-07 | CVE-2005-2794 | Remote Denial Of Service vulnerability in Squid Proxy Aborted Requests store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING. | 5.0 |
2005-05-11 | CVE-2005-1519 | DNS Spoofing vulnerability in Squid Proxy Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups. | 6.4 |
2005-05-02 | CVE-2005-0446 | Remote Denial Of Service vulnerability in Squid Proxy DNS Name Resolver Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure. | 5.0 |
2005-05-02 | CVE-2005-0241 | Remote vulnerability in Squid Proxy Oversize HTTP Headers The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size. | 5.0 |
2005-04-14 | CVE-2005-0718 | Remote Denial Of Service vulnerability in Squid Proxy Aborted Connection Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory. | 5.0 |
2005-02-07 | CVE-2005-0175 | Unspecified vulnerability in Squid Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack. | 5.0 |
2005-02-07 | CVE-2005-0174 | Remote vulnerability in Squid Proxy Oversize HTTP Headers Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters. | 5.0 |
2005-01-27 | CVE-2004-0918 | Resource Management Errors vulnerability in multiple products The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error. | 5.0 |
2005-01-25 | CVE-2005-0096 | Remote Denial Of Service vulnerability in Squid Proxy NTLM Fakeauth_Auth Memory Leak Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption). | 5.0 |
2005-01-15 | CVE-2005-0095 | Denial Of Service vulnerability in Squid Proxy Web Cache Communication Protocol The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers. | 5.0 |