Test ID:	1.3.6.1.4.1.25623.1.0.100832
Category:	Web Servers
Title:	Squid DoS Vulnerability (GHSA-phqj-m8gv-cq4g, SQUID-2023:3)
Summary:	Squid is prone to a denial of service (DoS) vulnerability.
Description:	Summary: Squid is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: Due to a buffer overflow bug Squid is vulnerable to a Denial of Service attack against HTTP Digest Authentication. This flaw was part of the 'Squid Caching Proxy Security Audit: 55 vulnerabilities and 35 0days' publication in October 2023 and filed as 'Buffer Overflow in Digest Authentication'. Affected Software/OS: Squid versions 3.2.0.1 through 5.9 and 6.0 through 6.3. Solution: Update to version 6.4 or later. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2023-46847 RHBZ#2245916 https://bugzilla.redhat.com/show_bug.cgi?id=2245916 RHSA-2023:6266 https://access.redhat.com/errata/RHSA-2023:6266 RHSA-2023:6267 https://access.redhat.com/errata/RHSA-2023:6267 RHSA-2023:6268 https://access.redhat.com/errata/RHSA-2023:6268 RHSA-2023:6748 https://access.redhat.com/errata/RHSA-2023:6748 RHSA-2023:6801 https://access.redhat.com/errata/RHSA-2023:6801 RHSA-2023:6803 https://access.redhat.com/errata/RHSA-2023:6803 RHSA-2023:6804 https://access.redhat.com/errata/RHSA-2023:6804 RHSA-2023:6805 https://access.redhat.com/errata/RHSA-2023:6805 RHSA-2023:6810 https://access.redhat.com/errata/RHSA-2023:6810 RHSA-2023:6882 https://access.redhat.com/errata/RHSA-2023:6882 RHSA-2023:6884 https://access.redhat.com/errata/RHSA-2023:6884 RHSA-2023:7213 https://access.redhat.com/errata/RHSA-2023:7213 RHSA-2023:7576 https://access.redhat.com/errata/RHSA-2023:7576 RHSA-2023:7578 https://access.redhat.com/errata/RHSA-2023:7578 https://access.redhat.com/security/cve/CVE-2023-46847 https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html https://security.netapp.com/advisory/ntap-20231130-0002/
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.