Denial of Service : Squid HTTP Range Request Handling DoS Vulnerability (SQUID-2014:2)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.806106

Categoría: Denial of Service

Título: Squid HTTP Range Request Handling DoS Vulnerability (SQUID-2014:2)

Resumen: Squid is prone to a denial of service (DoS) vulnerability.

Descripción: Summary:
Squid is prone to a denial of service (DoS) vulnerability.

Vulnerability Insight:
Due to incorrect input validation in request parsing Squid
is vulnerable to a denial of service attack when processing Range requests.

Vulnerability Impact:
Successful exploitation will allow remote attackers to cause a
denial of service.

Affected Software/OS:
Squid versions 3.x through 3.3.12 and 3.4 through 3.4.6.

Solution:
Apply the patch or update to version 3.4.7, 3.3.13 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-3609
BugTraq ID: 69453
http://www.securityfocus.com/bid/69453
Debian Security Information: DSA-3014 (Google Search)
http://www.debian.org/security/2014/dsa-3014
Debian Security Information: DSA-3139 (Google Search)
http://www.debian.org/security/2015/dsa-3139
RedHat Security Advisories: RHSA-2014:1147
http://rhn.redhat.com/errata/RHSA-2014-1147.html
http://secunia.com/advisories/60179
http://secunia.com/advisories/60334
http://secunia.com/advisories/61320
http://secunia.com/advisories/61412
SuSE Security Announcement: SUSE-SU-2014:1140 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00025.html
SuSE Security Announcement: openSUSE-SU-2014:1144 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-09/msg00029.html
http://www.ubuntu.com/usn/USN-2327-1

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.806106
Categoría:	Denial of Service
Título:	Squid HTTP Range Request Handling DoS Vulnerability (SQUID-2014:2)
Resumen:	Squid is prone to a denial of service (DoS) vulnerability.
Descripción:	Summary: Squid is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: Due to incorrect input validation in request parsing Squid is vulnerable to a denial of service attack when processing Range requests. Vulnerability Impact: Successful exploitation will allow remote attackers to cause a denial of service. Affected Software/OS: Squid versions 3.x through 3.3.12 and 3.4 through 3.4.6. Solution: Apply the patch or update to version 3.4.7, 3.3.13 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3609 BugTraq ID: 69453 http://www.securityfocus.com/bid/69453 Debian Security Information: DSA-3014 (Google Search) http://www.debian.org/security/2014/dsa-3014 Debian Security Information: DSA-3139 (Google Search) http://www.debian.org/security/2015/dsa-3139 RedHat Security Advisories: RHSA-2014:1147 http://rhn.redhat.com/errata/RHSA-2014-1147.html http://secunia.com/advisories/60179 http://secunia.com/advisories/60334 http://secunia.com/advisories/61320 http://secunia.com/advisories/61412 SuSE Security Announcement: SUSE-SU-2014:1140 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00025.html SuSE Security Announcement: openSUSE-SU-2014:1144 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-09/msg00029.html http://www.ubuntu.com/usn/USN-2327-1
Copyright	Copyright (C) 2015 Greenbone AG