Updated: 2024-11-22 04:27:57.876779
Description:
Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform a Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed in Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives.
Links | NIST | CIRCL | RHEL | Ubuntu |
CVSS | Severity | Score |
---|---|---|
CVSS Version 2.x | 0 | |
CVSS Version 3.x | HIGH | 7.5 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
AlmaLinux 9.2 ESU | squid | 5.5 | 7.5 | HIGH | In Progress | | 2024-11-28 11:52:06 | |
CentOS 6 ELS | squid34 | 3.4.14 | 7.5 | HIGH | Released | CLSA-2024:1706027577 | 2024-02-05 08:26:07 | |
CentOS 6 ELS | squid | 3.1.23 | 7.5 | HIGH | Released | CLSA-2024:1706027727 | 2024-02-05 08:26:03 | |
CentOS 8.4 ELS | squid | 4.11-4 | 7.5 | HIGH | Released | CLSA-2024:1706026202 | 2024-01-23 13:09:20 | |
CentOS 8.5 ELS | squid | 4.15-1 | 7.5 | HIGH | Released | CLSA-2024:1706697415 | 2024-01-31 08:45:00 | |
CloudLinux 6 ELS | squid | 3.1.23 | 7.5 | HIGH | Released | CLSA-2024:1706027118 | 2024-02-05 08:26:02 | |
CloudLinux 6 ELS | squid34 | 3.4.14 | 7.5 | HIGH | Released | CLSA-2024:1706027017 | 2024-02-05 08:26:04 | |
Oracle Linux 6 ELS | squid | 3.1.23 | 7.5 | HIGH | Released | CLSA-2024:1706026564 | 2024-01-23 13:09:17 | |
Oracle Linux 6 ELS | squid34 | 3.4.14 | 7.5 | HIGH | Released | CLSA-2024:1706026402 | 2024-01-23 13:09:20 | |
Ubuntu 16.04 ELS | squid | 3.5.12-1 | 7.5 | HIGH | Released | CLSA-2024:1706026686 | 2024-01-23 13:09:21 | |