Test Kennung:	1.3.6.1.4.1.25623.1.0.114851
Kategorie:	Web Servers
Titel:	Squid Multiple DoS Vulnerabilities (GHSA-f975-v7qw-q7hj, SQUID-2024:4)
Zusammenfassung:	Squid is prone to multiple denial of service (DoS); vulnerabilities due to multiple issues in ESI.
Beschreibung:	Summary: Squid is prone to multiple denial of service (DoS) vulnerabilities due to multiple issues in ESI. Vulnerability Insight: Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. These flaws were part of the 'Squid Caching Proxy Security Audit: 55 vulnerabilities and 35 0days' publication in October 2023 and filed as: - Memory Leak in ESI Error Processing - Assertion in ESI Header Handling - Use-After-Free in ESI 'Try' (and 'Choose') Processing - Use-After-Free in ESI Expression Evaluation - Assertion Due to 0 ESI 'when' Checking - Assertion Using ESI's When Directive - Assertion in ESI Variable Assignment (String) - Assertion in ESI Variable Assignment - Null Pointer Dereference In ESI's esi:include and esi:when Affected Software/OS: Squid version 3.0 through 6.x. Solution: Update to version 7.0 or later. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2024-45802
Copyright	Copyright (C) 2023 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.