Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2009-2855HistoryAug 18, 2009 - 9:00 p.m.
CVE-2009-2855
2009-08-1821:00:00
Debian Security Bug Tracker
security-tracker.debian.org
9
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.965 High
EPSS
Percentile
99.6%
The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | squid | < 2.7.STABLE7-1 | squid_2.7.STABLE7-1_all.deb |
| Debian | 11 | all | squid | < 2.7.STABLE7-1 | squid_2.7.STABLE7-1_all.deb |
| Debian | 999 | all | squid | < 2.7.STABLE7-1 | squid_2.7.STABLE7-1_all.deb |
| Debian | 13 | all | squid | < 2.7.STABLE7-1 | squid_2.7.STABLE7-1_all.deb |
Related
cve
cve
CVE-2009-2855
2009-08-18 21:00:00
ubuntucve
ubuntucve
CVE-2009-2855
2009-08-18 00:00:00
nvd
nvd
CVE-2009-2855
2009-08-18 21:00:00
cvelist
cvelist
CVE-2009-2855
2009-08-18 20:41:00
securityvulns
securityvulns
[ MDVSA-2009:241 ] squid
2009-09-23 00:00:00
[SECURITY] [DSA 1991-1] New squid/squid3 packages fix denial of service
2010-02-04 00:00:00
squid proxy server DoS
2010-02-04 00:00:00
prion
prion
Code injection
2009-08-18 21:00:00
nessus
nessus
Squid < 3.0.STABLE19 / 3.1.0.14 / 2.6.STABLE23 strListGetItem Function Remote DoS
2010-02-05 00:00:00
Mandriva Linux Security Advisory : squid (MDVSA-2009:241-1)
2010-01-12 00:00:00
Debian DSA-1991-1 : squid/squid3 - denial of service
2010-02-24 00:00:00
openvas
openvas
Mandriva Update for squid MDVSA-2009:241-1 (squid)
2010-01-15 00:00:00
Mandrake Security Advisory MDVSA-2009:241 (squid)
2009-09-28 00:00:00
Squid < 3.1.4 External Auth Header Parser DoS Vulnerabilities
2009-08-24 00:00:00
seebug
seebug
Squid外部认证头解析器拒绝服务漏洞
2009-08-21 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:47:42
checkpoint_advisories
checkpoint_advisories
Squid strListGetItem Denial of Service (CVE-2009-2855)
2010-05-09 00:00:00
osv
osv
squid squid3 - denial of service
2010-02-04 00:00:00
redhat
redhat
(RHSA-2010:0221) Low: squid security and bug fix update
2010-03-30 00:00:00
oraclelinux
oraclelinux
squid security and bug fix update
2010-04-05 00:00:00
ubuntu
ubuntu
Squid vulnerabilities
2010-02-16 00:00:00
debian
debian
[SECURITY] [DSA 1991-1] New squid/squid3 packages fix denial of service
2010-02-04 08:46:27
gentoo
gentoo
Squid: Multiple vulnerabilities
2011-10-26 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.965 High
EPSS
Percentile
99.6%
Related for DEBIANCVE:CVE-2009-2855