CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
AI Score
Confidence: High
EPSS
Percentile: 15.5%
A flaw was found in Squid. This issue may allow a remote client or remote server to trigger a denial of service when sending oversized headers in HTTP messages.
To mitigate this flaw in Squid versions prior to 6.5, set the request_header_max_size and reply_header_max_size configuration options to 21KB. The following lines should be added to the Squid configuration file:
request_header_max_size 21 KB
reply_header_max_size 21 KB
In Squid versions 6.5 and newer, the default values of these options are considered safe and the above configuration can be removed. Also, Squid will emit a warning in the logs if the configured values are unsafe.
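One way to check whether a pre-6.5 configuration carries the mitigation above, as an added example (not code from the advisory or from the Squid project). The function names and sample configurations are constructed here; it assumes the last occurrence of a directive wins and treats values at or below 21 KB as acceptable.

```python
import re

LIMIT_BYTES = 21 * 1024  # the 21 KB value given in the mitigation text
DIRECTIVES = ("request_header_max_size", "reply_header_max_size")
UNITS = {"bytes": 1, "kb": 1024, "mb": 1024 ** 2, "gb": 1024 ** 3}

def parse_header_limits(conf_text):
    """Return {directive: size_in_bytes} for the two header-size options."""
    found = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        m = re.fullmatch(r"(\S+)\s+(\d+)\s*([A-Za-z]+)?", line)
        if not m or m.group(1) not in DIRECTIVES:
            continue
        unit = (m.group(3) or "bytes").lower()
        if unit not in UNITS:
            raise ValueError(f"unrecognised size unit in: {raw!r}")
        # Assumption: a later line overrides an earlier one.
        found[m.group(1)] = int(m.group(2)) * UNITS[unit]
    return found

def audit(conf_text):
    """Return findings; an empty list means both options are set to <= 21 KB."""
    limits = parse_header_limits(conf_text)
    findings = []
    for name in DIRECTIVES:
        if name not in limits:
            findings.append(f"{name}: not set, built-in default applies")
        elif limits[name] > LIMIT_BYTES:
            findings.append(f"{name}: {limits[name]} bytes exceeds 21 KB")
    return findings

# Constructed sample configurations, not taken from any real deployment.
SAMPLE_MITIGATED = """
http_port 3128
request_header_max_size 21 KB
reply_header_max_size 21 KB
"""
SAMPLE_UNMITIGATED = """
http_port 3128
# request_header_max_size 21 KB
reply_header_max_size 64 KB
"""

if __name__ == "__main__":
    for label, conf in (("mitigated", SAMPLE_MITIGATED),
                        ("unmitigated", SAMPLE_UNMITIGATED)):
        print(label, audit(conf) or "OK")
```

On Squid 6.5 and newer the check is unnecessary, since the page states the defaults are safe and Squid itself logs a warning for unsafe values.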