Test ID:	1.3.6.1.4.1.25623.1.0.146029
Category:	Denial of Service
Title:	Squid 4.0.1 < 4.14, 5.0.1 < 5.0.5 DoS Vulnerability (GHSA-jjq6-mh2h-g39h, SQUID-2021:2)
Summary:	Squid is prone to a denial of service (DoS) vulnerability.
Description:	Summary: Squid is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: Due to an input validation bug Squid is vulnerable to a DoS against all clients using the proxy. This problem allows a remote server to perform a DoS when delivering HTTP Response messages. The issue trigger is a header which can be expected to exist in HTTP traffic without any malicious intent by the server. This flaw was part of the 'Squid Caching Proxy Security Audit: 55 vulnerabilities and 35 0days' publication in October 2023 and filed as 'Vary: Other HTTP Response Assertion Crash'. Affected Software/OS: Squid version 4.0.1 through 4.14 and 5.0.1 through 5.0.5. Solution: Update to version 4.15, 5.0.6 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-28662 Debian Security Information: DSA-4924 (Google Search) https://www.debian.org/security/2021/dsa-4924 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/ http://seclists.org/fulldisclosure/2023/Oct/14 http://www.squid-cache.org/Versions/v6/changesets/squid-6-051824924c709bd6162a378f746fb859454c674e.patch https://github.com/squid-cache/squid/commit/051824924c709bd6162a378f746fb859454c674e https://github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h http://www.openwall.com/lists/oss-security/2023/10/11/3
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.