Squid Proxy up to 3.5.14/4.0.6 Response http.cc privilege escalation

A critical vulnerability was discovered in Squid Proxy up to 3.5.14/4.0.6 (firewall software). It affects an unknown function in the file http.cc of the Response Handler component. Upgrading to version 3.5.15 or 4.0.7 resolves the problem. A countermeasure was released before, rather than after, the disclosure of the vulnerability. Squid therefore reacted in advance.

| Field | 28.02.2016 21:36 | 01.02.2019 14:39 |
| --- | --- | --- |
| type | Firewall Software | Firewall Software |
| vendor | Squid | Squid |
| name | Proxy | Proxy |
| version | <=3.5.14/4.0.6 | <=3.5.14/4.0.6 |
| component | Response Handler | Response Handler |
| file | http.cc | http.cc |
| cwe | 20 (privilege escalation) | 20 (privilege escalation) |
| risk | 1 | 1 |
| cvss2_vuldb_basescore | 4.3 | 4.3 |
| cvss2_vuldb_tempscore | 3.2 | 3.2 |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | M | M |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | N | N |
| cvss2_vuldb_ii | N | N |
| cvss2_vuldb_ai | P | P |
| cvss2_nvd_av | N | N |
| cvss2_nvd_ac | L | L |
| cvss2_nvd_au | N | N |
| cvss2_nvd_ci | N | N |
| cvss2_nvd_ii | N | N |
| cvss2_nvd_ai | P | P |
| cvss3_meta_basescore | 7.5 | 7.5 |
| cvss3_meta_tempscore | 6.5 | 6.5 |
| cvss3_vuldb_basescore | 7.5 | 7.5 |
| cvss3_vuldb_tempscore | 6.5 | 6.5 |
| cvss3_nvd_av | N | N |
| cvss3_nvd_ac | L | L |
| cvss3_nvd_pr | N | N |
| cvss3_nvd_ui | N | N |
| cvss3_nvd_s | U | U |
| cvss3_nvd_c | N | N |
| cvss3_nvd_i | N | N |
| cvss3_nvd_a | H | H |
| date | 1456531200 (27.02.2016) | 1456531200 (27.02.2016) |
| location | oss-sec | oss-sec |
| url | http://www.openwall.com/lists/oss-security/2016/02/26/2 | http://www.openwall.com/lists/oss-security/2016/02/26/2 |
| confirm_url | http://www.squid-cache.org/Advisories/SQUID-2016_2.txt | http://www.squid-cache.org/Advisories/SQUID-2016_2.txt |
| price_0day | $5k-$25k | $5k-$25k |
| name | Upgrade | Upgrade |
| upgrade_version | 3.5.15/4.0.7 | 3.5.15/4.0.7 |
| cve | CVE-2016-2571 | CVE-2016-2571 |
| cve_assigned | 1456444800 | 1456444800 |
| cve_nvd_published | 1456531200 | 1456531200 |
| cve_nvd_summary | http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response. | http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response. |
| oval_id | oval:org.cisecurity:def:573 | oval:org.cisecurity:def:573 |
| securityfocus | 83406 | 83406 |
| securityfocus_title | Squid Multiple Denial of Service Vulnerabilities | Squid Multiple Denial of Service Vulnerabilities |
| vulnerabilitycenter | 57375 | 57375 |
| vulnerabilitycenter_title | Squid 3.0 - 3.5.14 and 4.0 - 4.0.6 Remote DoS via a Malformed Response | Squid 3.0 - 3.5.14 and 4.0 - 4.0.6 Remote DoS via a Malformed Response |
| vulnerabilitycenter_severity | Medium | Medium |
| vulnerabilitycenter_creationdate | 1458172800 | 1458172800 |
| vulnerabilitycenter_lastupdate | 1540339200 | 1540339200 |
| vulnerabilitycenter_reportingdate | 1456358400 | 1456358400 |
| xforce | 111079 | 111079 |
| xforce_title | Squid http.cc denial of service | Squid http.cc denial of service |
| xforce_identifier | squid-cve20162571-dos | squid-cve20162571-dos |
| nessus_id | 88944 | 88944 |
| nessus_name | FreeBSD : squid -- remote DoS in HTTP response processing (660ebbf5-daeb-11e5-b2bd-002590263bf5) | FreeBSD : squid -- remote DoS in HTTP response processing (660ebbf5-daeb-11e5-b2bd-002590263bf5) |
| nessus_filename | freebsd_pkg_660ebbf5daeb11e5b2bd002590263bf5.nasl | freebsd_pkg_660ebbf5daeb11e5b2bd002590263bf5.nasl |
| nessus_risk | Medium | Medium |
| nessus_family | FreeBSD Local Security Checks | FreeBSD Local Security Checks |
| nessus_type | local | local |
| nessus_date | 1456358400 (25.02.2016) | 1456358400 (25.02.2016) |
| openvas_id | 103320 | 103320 |
| openvas_filename | gb_squid_mult_dos_vuln_march16_win.nasl | gb_squid_mult_dos_vuln_march16_win.nasl |
| openvas_title | Squid Multiple Denial of Service Vulnerabilities March16 (Windows) | Squid Multiple Denial of Service Vulnerabilities March16 (Windows) |
| openvas_family | Denial of Service | Denial of Service |
| qualys_id | 169027 | 169027 |
| qualys_title | SUSE Enterprise Linux Security Update for squid3 (SUSE-SU-2016:1996-1) | SUSE Enterprise Linux Security Update for squid3 (SUSE-SU-2016:1996-1) |
| seealso | 4435 7183 9526 67519 67520 68284 68285 78130 81028 81108 81109 81111 81132 81565 81566 | 4435 7183 9526 67519 67520 68284 68285 78130 81028 81108 81109 81111 81132 81565 81566 |
| cvss2_vuldb_e | U | U |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_rc | C | C |
| cvss3_vuldb_e | U | U |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | C | C |
| cvss3_nvd_basescore | 7.5 | 7.5 |

| Field | Value |
| --- | --- |
| cvss3_vuldb_av | N |
| cvss3_vuldb_ac | L |
| cvss3_vuldb_pr | N |
| cvss3_vuldb_ui | N |
| cvss3_vuldb_s | U |
| cvss3_vuldb_c | N |
| cvss3_vuldb_i | N |
| cvss3_vuldb_a | H |
| person_nickname | Alex |
| company_name | Open Systems AG |
| date | 1456272000 (24.02.2016) |
| securityfocus_date | 1456185600 (23.02.2016) |
| securityfocus_class | Unknown |
