CVE-2021-28662

Published: 10 May 2021
Source: redhat
CVSS3: 6.5
EPSS: Low

Description

An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic.

An input validation flaw was found in Squid. This issue could allow a remote server to perform a denial of service against all clients using the proxy when delivering HTTP response messages. The highest threat from this vulnerability is to system availability.

Report

The versions of squid as shipped with Red Hat Enterprise Linux 6 and 7 are not affected by this flaw, as the vulnerable code was introduced in a later version of the package.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | squid | Not affected | | |
| Red Hat Enterprise Linux 6 | squid34 | Not affected | | |
| Red Hat Enterprise Linux 7 | squid | Not affected | | |
| Red Hat Enterprise Linux 9 | squid | Not affected | | |
| Red Hat Enterprise Linux 8 | squid | Fixed | RHSA-2021:4292 | 09.11.2021 |

Additional information

Status: Moderate
Weakness: CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1962254 squid: denial of service in HTTP response processing

EPSS: 0.08921 (Low), percentile: 92%

CVSS3: 6.5 Medium

Related vulnerabilities

CVSS3: 6.5
ubuntu
about 4 years ago

An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic.

CVSS3: 6.5
nvd
about 4 years ago

An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic.

CVSS3: 6.5
debian
about 4 years ago

An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. ...

CVSS3: 7.4
fstec
about 4 years ago

A vulnerability in the Squid proxy server, caused by insufficient input validation when processing HTTP responses, that allows an attacker to cause a denial of service

suse-cvrf
about 4 years ago

Security update for squid
