VID |
22573 |
Severity |
30 |
Port |
8080,3128 |
Protocol |
TCP |
Class |
Webproxy |
Detailed Description |
According to its banner, the version of Squid is 3.2.x earlier than than 3.2.4. The included 'cachemgr.cgi' tool reportedly lacks input validation, which could be abused by any client able to access that tool to perform a denial of service attack on the service host.
* Note: This check solely relied on the banner of the remote Squid Web Proxy Cache server to assess this vulnerability, so this might be a false positive.
* References: http://www.squid-cache.org/Advisories/SQUID-2012_1.txt
* Platforms Affected: Squid Web Proxy Cache versions 3.2.x prior to 3.2.4 Linux Any version Unix Any version |
Recommendation |
Upgrade to the latest version of Squid (3.2.4 or later), available from the Squid Web site at http://www.squid-cache.org/ |
Related URL |
CVE-2012-5643 (CVE) |
Related URL |
56957 (SecurityFocus) |
Related URL |
(ISS) |
|