Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatcveRedhat.comRH:CVE-2024-25617
HistoryFeb 15, 2024 - 6:58 a.m.

CVE-2024-25617

2024-02-1506:58:53
redhat.com
access.redhat.com
16
squid
flaw
remote dos
http headers
mitigation
configuration
warning

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

5.3

Confidence

High

EPSS

0

Percentile

15.5%

JSON

A flaw was found in Squid. This issue may allow a remote client or remote server to trigger a denial of service when sending oversized headers in HTTP messages.

Mitigation

To mitigate this flaw in Squid versions prior to 6.5, set the request_header_max_size and reply_header_max_size configuration options to 21KB. The following lines should be added to the Squid configuration file:

request_header_max_size 21 KB  
reply_header_max_size 21 KB

In Squid versions 6.5 and newer, the default values of these options are considered safe and the above configuration can be removed. Also, Squid will emit a warning in the logs if the configured values are unsafe.

Related

vulnrichment 1
veracode 1
redhat 9
nessus 24
debiancve 1
nvd 1
redos 1
osv 9
openvas 11
cloudlinux 1
ubuntucve 1
cvelist 1
cve 1
prion 1
amazon 1
oraclelinux 3
almalinux 2
photon 1
ubuntu 4
mageia 1
debian 1
vulnrichment
vulnrichment
CVE-2024-25617 Denial of Service in HTTP Header parser in squid proxy
2024-02-14 20:55:52
veracode
veracode
Denial Of Service (DoS)
2024-02-15 07:37:40
redhat
redhat
(RHSA-2024:1062) Important: squid:4 security update
2024-03-01 07:59:37
(RHSA-2024:1066) Important: squid:4 security update
2024-03-04 08:55:06
(RHSA-2024:1184) Important: squid security update
2024-03-06 00:55:36
nessus
nessus
RHEL 8 : squid:4 (RHSA-2024:1062)
2024-03-01 00:00:00
RHEL 8 : squid:4 (RHSA-2024:1066)
2024-03-05 00:00:00
RHEL 9 : squid (RHSA-2024:1184)
2024-03-06 00:00:00
debiancve
debiancve
CVE-2024-25617
2024-02-14 21:15:08
nvd
nvd
CVE-2024-25617
2024-02-14 21:15:08
redos
redos
ROS-20240812-07
2024-08-12 00:00:00
osv
osv
CVE-2024-25617
2024-02-14 21:15:08
squid-6.8-1.1 on GA media
2024-06-15 00:00:00
Important: squid:4 security update
2024-03-19 00:00:00
openvas
openvas
Squid DoS Vulnerability (GHSA-h5x6-w8mv-xfpr, SQUID-2024:2)
2023-10-20 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:1115-1)
2024-05-07 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:1114-1)
2024-05-07 00:00:00
cloudlinux
cloudlinux
squid: Fix of CVE-2024-25617
2024-03-26 22:20:18
ubuntucve
ubuntucve
CVE-2024-25617
2024-02-14 00:00:00
cvelist
cvelist
CVE-2024-25617 Denial of Service in HTTP Header parser in squid proxy
2024-02-14 20:55:52
cve
cve
CVE-2024-25617
2024-02-14 21:15:08
prion
prion
Design/Logic Flaw
2024-02-14 21:15:00
amazon
amazon
Medium: squid
2024-01-03 21:04:00
oraclelinux
oraclelinux
squid security update
2024-03-20 00:00:00
squid:4 security update
2024-03-21 00:00:00
squid security update
2024-04-11 00:00:00
almalinux
almalinux
Important: squid:4 security update
2024-03-19 00:00:00
Important: squid security update
2024-03-19 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2024-3.0-0751
2024-04-18 00:00:00
ubuntu
ubuntu
Squid regression
2024-04-11 00:00:00
Squid vulnerability
2024-04-23 00:00:00
Squid vulnerabilities
2024-04-10 00:00:00
mageia
mageia
Updated squid packages fix security vulnerabilities
2024-03-31 06:27:58
debian
debian
[SECURITY] [DSA 5637-1] squid security update
2024-03-08 14:36:16

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

5.3

Confidence

High

EPSS

0

Percentile

15.5%

JSON
Related for RH:CVE-2024-25617
vulnrichment1veracode1redhat9nessus24debiancve1nvd1redos1osv9openvas11cloudlinux1ubuntucve1cvelist1cve1prion1amazon1oraclelinux3almalinux2photon1ubuntu4mageia1debian1