CVE-2009-2622
Published 2009-07-28

Priority: P3 (38) · CVSS 2.0: 5.0 (medium)
CVSS vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 56.91% (98.9th percentile)
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) "missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc.

Affected (7 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
Detection & IOCs (extracted from sources)
- Trigger condition: a malformed HTTP response with a missing or mismatched protocol identifier sent to Squid 3.0 through 3.0.STABLE16 or 3.1 through 3.1.0.11 causes a denial of service via HttpMsg.cc / HttpReply.cc.
- Patch reference for the CVE-2009-2622 fix in the Squid 3.1 branch: the diff identifies the vulnerable code paths in HttpMsg.cc and HttpReply.cc and can guide targeted detection rules.
- Vendor advisory covering both CVE-2009-2621 and CVE-2009-2622: describes the class of malformed requests and responses that trigger the DoS; useful for crafting IDS signatures.
- Only Squid 3.x is affected (3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11); Squid 2.x as shipped with RHEL 3/4/5 is NOT affected.
- The vulnerability is exploitable by any trusted client or by an external server: both inbound client requests and upstream server responses are attack vectors.
- Fixed versions are Squid 3.0.STABLE17 / 3.0.STABLE18 and 3.1.0.12; deployments still running 3.0 through 3.0.STABLE16 or 3.1 through 3.1.0.11 remain vulnerable.
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| vendor_debian | — | 5.0 | LOW | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |
Red Hat
squid: multiple vulnerabilities fixed in squid 3.0.STABLE17
vendor_redhat · 2009-07-27 · CVSS 5.0 (MEDIUM)
Statement: Not vulnerable. This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Debian
CVE-2009-2622: squid - Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers ...
vendor_debian · 2009 · CVSS 5.0 (MEDIUM)
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-ww59-3r9r-8fph: Squid 3
ghsa_unreviewed · 2022-05-02 · MEDIUM · CWE-20
No detection rules found.
No public exploits indexed.
References
- http://secunia.com/advisories/36007
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:161
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:178
- http://www.securityfocus.com/bid/35812
- http://www.securitytracker.com/id?1022607
- http://www.squid-cache.org/Advisories/SQUID-2009_2.txt
- http://www.squid-cache.org/Versions/v3/3.1/changesets/b9661.patch
- http://www.vupen.com/english/advisories/2009/2013

Published: 2009-07-28