Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-50269

Опубликовано: 14 дек. 2023
Источник: nvd
CVSS3: 8.6
CVSS3: 7.5
EPSS Низкий

Описание

Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*
Версия от 3.1 (включая) до 5.9 (включая)
cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*
Версия от 6.0.1 (включая) до 6.5 (включая)
cpe:2.3:a:squid-cache:squid:2.6:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:2.7:-:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:2.7:stable1:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:2.7:stable2:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:2.7:stable3:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:2.7:stable4:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:2.7:stable5:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:2.7:stable6:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:2.7:stable7:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:2.7:stable8:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:2.7:stable9:*:*:*:*:*:*

EPSS

Процентиль: 80%
0.0149
Низкий

8.6 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-674

Связанные уязвимости

ubuntu логотип

CVE-2023-50269

CVSS3: 8.6
ubuntu
больше 1 года назад

Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives.

redhat логотип

CVE-2023-50269

CVSS3: 7.5
redhat
больше 1 года назад

Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives.

debian логотип

CVE-2023-50269

CVSS3: 8.6
debian
больше 1 года назад

Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion ...

fstec логотип

BDU:2023-08827

CVSS3: 8.6
fstec
больше 1 года назад

Уязвимость функции follow_x_forwarded_for() прокси-сервера Squid, позволяющая нарушителю вызвать отказ в обслуживании

suse-cvrf логотип

SUSE-SU-2024:0455-1

suse-cvrf
больше 1 года назад

Security update for squid

EPSS

Процентиль: 80%
0.0149
Низкий

8.6 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-674