CVE-2018-1000027 in Squid Proxy
Summary
The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Reservation
01/29/2018
Disclosure
02/09/2018
Entries
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerability | CWE | Exp | Cou | CVE |
|---|---|---|---|---|---|
| 113073 | Squid Proxy HTTP Header null pointer dereference | 476 | Not defined | Official fix | CVE-2018-1000027 |