CVE-2009-2622
Last modified
CVE-2009-2622 is a vulnerability of currently unknown severity. Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) "missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc. EPSS estimates a 56.91% chance of exploitation in the next 30 days.
Description
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) "missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Squid-Cache | Squid | 3.0 |
| Squid-Cache | Squid | 3.1 |
| Squid-Cache | Squid | 3.1.0.1 |
| Squid-Cache | Squid | 3.1.0.2 |
| Squid-Cache | Squid | 3.1.0.3 |
| Squid-Cache | Squid | 3.1.0.4 |
References
- http://www.squid-cache.org/Advisories/SQUID-2009_2.txt (Vendor Advisory)
- http://www.squid-cache.org/Versions/v3/3.1/changesets/b9661.patch (Patch, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2009-2622?
How severe is CVE-2009-2622?
How do I fix CVE-2009-2622?
Are you affected by CVE-2009-2622?
Source: NVD / NIST
