|
|
|||
| Rule General Information |
|---|
| Release Date: | 2022-05-30 | |
| Rule Name: | Squid Proxy Unauthenticated HTTP Header Denial of Service Vulnerabilities Vulnerability (CVE-2021-31806) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing. | |
| Impact: | An attacker can launch a denial of service attack by exploiting the vulnerability successfully. | |
| Affected OS: | Windows, Others | |
| Reference: | http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/ |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf/ |