This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Squid
First view: 2007-12-04
Product: Squid Web Proxy Cache
Last view: 2009-03-04
Version: 3.0_pre3
Type: Application
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:a:squid:squid_web_proxy_cache

Activity : Overall

Related : CVE

Score Date Alert Description
5.4 2009-03-04 CVE-2009-0801

Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

5 2007-12-04 CVE-2007-6239

The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects.

CWE : Common Weakness Enumeration

% id Name
50% (1) CWE-264 Permissions, Privileges, and Access Controls
50% (1) CWE-20 Improper Input Validation

Open Source Vulnerability Database (OSVDB)

id Description
52409 Squid Transparent Interception Mode HTTP Host Header Dependancy Media Access ...
39381 Squid Cache Update Reply Processing Remote DoS

OpenVAS Exploits

Date Description
2009-10-13 Name : SLES10: Security update for squid
File : nvt/sles10_squid0.nasl
2009-10-10 Name : SLES9: Security update for squid
File : nvt/sles9p5015636.nasl
2009-04-09 Name : Mandriva Update for squid MDVSA-2008:134 (squid)
File : nvt/gb_mandriva_MDVSA_2008_134.nasl
2009-04-09 Name : Mandriva Update for squid MDVSA-2008:002 (squid)
File : nvt/gb_mandriva_MDVSA_2008_002.nasl
2009-03-31 Name : Gentoo Security Advisory GLSA 200903-38 (Squid)
File : nvt/glsa_200903_38.nasl
2009-03-23 Name : Ubuntu Update for squid vulnerability USN-601-1
File : nvt/gb_ubuntu_USN_601_1.nasl
2009-03-23 Name : Ubuntu Update for squid vulnerability USN-565-1
File : nvt/gb_ubuntu_USN_565_1.nasl
2009-03-06 Name : RedHat Update for squid RHSA-2008:0214-01
File : nvt/gb_RHSA-2008_0214-01_squid.nasl
2009-03-06 Name : RedHat Update for squid RHSA-2007:1130-01
File : nvt/gb_RHSA-2007_1130-01_squid.nasl
2009-02-27 Name : CentOS Update for squid CESA-2008:0214 centos4 x86_64
File : nvt/gb_CESA-2008_0214_squid_centos4_x86_64.nasl
2009-02-27 Name : Fedora Update for squid FEDORA-2007-4170
File : nvt/gb_fedora_2007_4170_squid_fc8.nasl
2009-02-27 Name : Fedora Update for squid FEDORA-2007-4161
File : nvt/gb_fedora_2007_4161_squid_fc7.nasl
2009-02-27 Name : CentOS Update for squid CESA-2008:0214 centos4 i386
File : nvt/gb_CESA-2008_0214_squid_centos4_i386.nasl
2009-02-27 Name : CentOS Update for squid CESA-2008:0214 centos3 x86_64
File : nvt/gb_CESA-2008_0214_squid_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for squid CESA-2008:0214 centos3 i386
File : nvt/gb_CESA-2008_0214_squid_centos3_i386.nasl
2009-02-27 Name : CentOS Update for squid CESA-2008:0214-01 centos2 i386
File : nvt/gb_CESA-2008_0214-01_squid_centos2_i386.nasl
2009-02-27 Name : CentOS Update for squid CESA-2007:1130 centos4 x86_64
File : nvt/gb_CESA-2007_1130_squid_centos4_x86_64.nasl
2009-02-27 Name : CentOS Update for squid CESA-2007:1130 centos4 i386
File : nvt/gb_CESA-2007_1130_squid_centos4_i386.nasl
2009-02-27 Name : CentOS Update for squid CESA-2007:1130 centos3 x86_64
File : nvt/gb_CESA-2007_1130_squid_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for squid CESA-2007:1130 centos3 i386
File : nvt/gb_CESA-2007_1130_squid_centos3_i386.nasl
2009-02-27 Name : CentOS Update for squid CESA-2007:1130-04 centos2 i386
File : nvt/gb_CESA-2007_1130-04_squid_centos2_i386.nasl
2008-11-01 Name : Debian Security Advisory DSA 1646-2 (squid)
File : nvt/deb_1646_2.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200801-05 (squid)
File : nvt/glsa_200801_05.nasl
2008-09-04 Name : FreeBSD Ports: squid
File : nvt/freebsd_squid21.nasl
2008-02-15 Name : Debian Security Advisory DSA 1482-1 (squid)
File : nvt/deb_1482_1.nasl

Snort® IPS/IDS

Date Description
2014-01-10 Multiple Products excessive HTTP 304 Not Modified responses exploit attempt
RuleID : 16008 - Type : OS-WINDOWS - Revision : 18

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2016-1025.nasl - Type: ACT_GATHER_INFO
2016-06-17 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20160531_squid34_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2016-06-08 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20160531_squid_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2016-06-01 Name: The remote Oracle Linux host is missing a security update.
File: oraclelinux_ELSA-2016-1140.nasl - Type: ACT_GATHER_INFO
2016-06-01 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2016-1139.nasl - Type: ACT_GATHER_INFO
2016-06-01 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2016-1140.nasl - Type: ACT_GATHER_INFO
2016-06-01 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2016-1139.nasl - Type: ACT_GATHER_INFO
2016-05-31 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2016-1140.nasl - Type: ACT_GATHER_INFO
2016-05-31 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2016-1139.nasl - Type: ACT_GATHER_INFO
2013-09-28 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201309-22.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing a security update.
File: oraclelinux_ELSA-2008-0214.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing a security update.
File: oraclelinux_ELSA-2007-1130.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing a security update.
File: sl_20071218_squid_on_SL5_x.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_12004.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2008-002.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2008-134.nasl - Type: ACT_GATHER_INFO
2009-03-25 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200903-38.nasl - Type: ACT_GATHER_INFO
2008-10-07 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1646.nasl - Type: ACT_GATHER_INFO
2008-04-17 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-601-1.nasl - Type: ACT_GATHER_INFO
2008-04-17 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2008-0214.nasl - Type: ACT_GATHER_INFO
2008-04-11 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2008-0214.nasl - Type: ACT_GATHER_INFO
2008-02-06 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1482.nasl - Type: ACT_GATHER_INFO
2008-01-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-565-1.nasl - Type: ACT_GATHER_INFO
2008-01-10 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200801-05.nasl - Type: ACT_GATHER_INFO
2007-12-31 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_squid-4782.nasl - Type: ACT_GATHER_INFO