Korean
<< Back
VID 22573
Severity 30
Port 8080,3128
Protocol TCP
Class Webproxy
Detailed Description According to its banner, the version of Squid is 3.2.x earlier than than 3.2.4. The included 'cachemgr.cgi' tool reportedly lacks input validation, which could be abused by any client able to access that tool to perform a denial of service attack on the service host.

* Note: This check solely relied on the banner of the remote Squid Web Proxy Cache server to assess this vulnerability, so this might be a false positive.

* References:
http://www.squid-cache.org/Advisories/SQUID-2012_1.txt

* Platforms Affected:
Squid Web Proxy Cache versions 3.2.x prior to 3.2.4
Linux Any version
Unix Any version
Recommendation Upgrade to the latest version of Squid (3.2.4 or later), available from the Squid Web site at http://www.squid-cache.org/
Related URL CVE-2012-5643 (CVE)
Related URL 56957 (SecurityFocus)
Related URL (ISS)