Test ID:	1.3.6.1.4.1.25623.1.0.107296
Category:	Web application abuses
Title:	Squid Proxy Cache Security Update Advisory (SQUID-2018:2) - Linux
Summary:	Squid is vulnerable to denial of service attack; when processing ESI responses.;; This VT has been deprecated and merged into the VT 'Squid Proxy Cache Security Update Advisory SQUID-2018:2'; (OID:1.3.6.1.4.1.25623.1.0.107297)
Description:	Summary: Squid is vulnerable to denial of service attack when processing ESI responses. This VT has been deprecated and merged into the VT 'Squid Proxy Cache Security Update Advisory SQUID-2018:2' (OID:1.3.6.1.4.1.25623.1.0.107297) Vulnerability Insight: Due to incorrect pointer handling Squid is vulnerable to denial of service attack when processing ESI responses or downloading intermediate CA certificates. Vulnerability Impact: This problem allows a remote server delivering certain ESI response syntax to trigger a denial of service for all clients accessing the Squid service. Affected Software/OS: Squid 3.x -> 3.5.27, Squid 4.x -> 4.0.22. Solution: Updated Packages: This bug is fixed by Squid version 4.0.23. In addition, patches addressing this problem for the stable releases can be found in our patch archives for Squid 3.5 and Squid 4. If you are using a prepackaged version of Squid then please refer to the package vendor for availability information on updated packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-1000027 Debian Security Information: DSA-4122 (Google Search) https://www.debian.org/security/2018/dsa-4122 https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html https://lists.debian.org/debian-lts-announce/2018/02/msg00002.html https://usn.ubuntu.com/3557-1/ https://usn.ubuntu.com/4059-2/
Copyright	Copyright (C) 2018 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.