| VID |
22590 |
| Severity |
30 |
| Port |
8080,3128 |
| Protocol |
TCP |
| Class |
Webproxy |
| Detailed Description |
According to its banner, the version of Squid is 3.3.x earlier than than 3.3.8. The vulnerability is caused due to an error when handling port number values within the "Host" header of HTTP requests and can be exploited to render the service unusable.
* Note: This check solely relied on the banner of the remote Squid Web Proxy Cache server to assess this vulnerability, so this might be a false positive.
* References:
http://www.squid-cache.org/Advisories/SQUID-2013_3.txt
* Platforms Affected:
Squid Web Proxy Cache versions 3.3.x prior to 3.3.8
Linux Any version
Unix Any version |
| Recommendation |
Upgrade to the latest version of Squid (3.3.8 or later), available from the Squid Web site at http://www.squid-cache.org/ |
| Related URL |
CVE-2013-4123 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
