ID de Prueba:	1.3.6.1.4.1.25623.1.0.114851
Categoría:	Web Servers
Título:	Squid Multiple DoS Vulnerabilities (GHSA-f975-v7qw-q7hj, SQUID-2024:4)
Resumen:	Squid is prone to multiple denial of service (DoS); vulnerabilities due to multiple issues in ESI.
Descripción:	Summary: Squid is prone to multiple denial of service (DoS) vulnerabilities due to multiple issues in ESI. Vulnerability Insight: Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. These flaws were part of the 'Squid Caching Proxy Security Audit: 55 vulnerabilities and 35 0days' publication in October 2023 and filed as: - Memory Leak in ESI Error Processing - Assertion in ESI Header Handling - Use-After-Free in ESI 'Try' (and 'Choose') Processing - Use-After-Free in ESI Expression Evaluation - Assertion Due to 0 ESI 'when' Checking - Assertion Using ESI's When Directive - Assertion in ESI Variable Assignment (String) - Assertion in ESI Variable Assignment - Null Pointer Dereference In ESI's esi:include and esi:when Affected Software/OS: Squid version 3.0 through 6.x. Solution: Update to version 7.0 or later. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2024-45802
Copyright	Copyright (C) 2023 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.