CVE-2009-0478 in Squid
Summary
by MITRE
Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 05/15/2025
The vulnerability identified as CVE-2009-0478 represents a critical denial of service flaw within the Squid caching proxy software ecosystem. This vulnerability affects multiple versions of Squid including 2.7 series up to 2.7.STABLE5, 3.0 series up to 3.0.STABLE12, and 3.1 series up to 3.1.0.4. The flaw manifests when remote attackers submit HTTP requests containing invalid version numbers, specifically targeting the HTTP protocol parsing mechanisms within Squid's core components. The vulnerability operates at the protocol level where Squid fails to properly validate HTTP version strings during request processing, leading to unexpected behavior that ultimately results in system instability.
The technical implementation of this vulnerability resides in the HttpMsg.c and HttpStatusLine.c source code files within Squid's HTTP message handling framework. When an HTTP request with an invalid version number is received, the software's internal assertion mechanisms trigger unexpectedly, causing the proxy to terminate or become unresponsive. This assertion failure occurs because Squid's HTTP parser does not adequately handle malformed version strings, specifically those that do not conform to the standard HTTP/1.0 or HTTP/1.1 version formats. The assertion check in these specific source files validates the HTTP version field and fails when encountering non-conforming input, resulting in the process termination or resource exhaustion.
From an operational perspective, this vulnerability presents a significant risk to organizations relying on Squid as their primary caching proxy infrastructure. Attackers can exploit this flaw by sending specially crafted HTTP requests with malformed version numbers, causing the proxy server to become unavailable to legitimate users. The impact extends beyond simple service disruption as the denial of service can affect entire network segments depending on the proxy's role in the infrastructure. Network administrators may experience cascading failures if the proxy is critical for internal web traffic, application delivery, or content caching operations. The vulnerability is particularly concerning because it requires minimal effort to exploit and can be executed remotely without authentication, making it an attractive target for automated attack tools.
The vulnerability maps directly to CWE-691, which describes insufficient control flow management in software systems. This classification emphasizes the inadequate handling of exceptional conditions within the control flow of Squid's HTTP parsing logic. Additionally, the flaw aligns with ATT&CK technique T1498.001, which covers Network Denial of Service attacks targeting proxy services. Organizations should implement immediate mitigations including upgrading to patched versions of Squid, implementing network-level filtering to block malformed HTTP requests, and deploying intrusion detection systems that can identify and alert on suspicious HTTP version field patterns. The recommended remediation strategy involves applying the vendor-provided patches that strengthen the HTTP version validation logic and improve the robustness of the assertion handling mechanisms. Organizations should also consider implementing rate limiting and request validation at the network perimeter to prevent exploitation of this vulnerability while awaiting official patches.