Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-1000027

Опубликовано: 19 янв. 2018
Источник: redhat
CVSS3: 6.8
EPSS Средний

Описание

The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.

Меры по смягчению последствий

A workaround for this issue is to set the "log_uses_indirect_client off" configuration directive in the squid configuration file (for example /etc/squid/squid.conf).

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5squidNot affected
Red Hat Enterprise Linux 6squidWill not fix
Red Hat Enterprise Linux 6squid34Will not fix
Red Hat Enterprise Linux 8squidNot affected
Red Hat Enterprise Linux 7squidFixedRHSA-2020:106831.03.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-117
https://bugzilla.redhat.com/show_bug.cgi?id=1536942squid: Incorrect pointer handling in HTTP processing and certificate download can lead to denial of service

EPSS

Процентиль: 98%
0.64759
Средний

6.8 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-1000027

CVSS3: 7.5
ubuntu
больше 7 лет назад

The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.

nvd логотип

CVE-2018-1000027

CVSS3: 7.5
nvd
больше 7 лет назад

The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.

debian логотип

CVE-2018-1000027

CVSS3: 7.5
debian
больше 7 лет назад

The Squid Software Foundation Squid HTTP Caching Proxy version prior t ...

github логотип

GHSA-hwhj-rr4w-2xmm

CVSS3: 7.5
github
около 3 лет назад

The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.

fstec логотип

BDU:2018-01511

CVSS3: 7.5
fstec
больше 7 лет назад

Уязвимость прокси-сервера Squid, связанная с обращением за пределы выделенного буфера памяти, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 98%
0.64759
Средний

6.8 Medium

CVSS3