Korean
<< Back
VID 22589
Severity 30
Port 8080,3128
Protocol TCP
Class Webproxy
Detailed Description According to its banner, the version of Squid is 3.2.x earlier than than 3.2.13. The vulnerability is caused due to an error when handling port number values within the "Host" header of HTTP requests and can be exploited to render the service unusable.

* Note: This check solely relied on the banner of the remote Squid Web Proxy Cache server to assess this vulnerability, so this might be a false positive.

* References:
http://www.squid-cache.org/Advisories/SQUID-2013_3.txt

* Platforms Affected:
Squid Web Proxy Cache versions 3.2.x prior to 3.2.13
Linux Any version
Unix Any version
Recommendation Upgrade to the latest version of Squid (3.2.13 or later), available from the Squid Web site at http://www.squid-cache.org/
Related URL CVE-2013-4123 (CVE)
Related URL (SecurityFocus)
Related URL (ISS)