CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
AI Score confidence: High
EPSS percentile: 91.1%
A buffer overflow vulnerability in the Squid proxy server that allows up to 2 MB of arbitrary data to be written to heap memory when Squid is configured to accept HTTP Digest Authentication. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.
A vulnerability in the Squid proxy server related to the restrictions applied when validating HTTP response headers before caching. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.
A vulnerability in the chunked decoder of the Squid proxy server related to the server's interpretation of fragmented encoding syntax. Exploitation of the vulnerability could allow a remote attacker to communicate directly with the server.
A vulnerability in the Squid proxy server related to sending ftp URLs in HTTP request messages, or creating ftp URLs from FTP Native input data. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.