CVE-2013-4123
published 2013-09-16

CVE-2013-4123: client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in an HTTP Host header.

Priority: P3 (45)
CVSS 2.0: 5.0 (medium), vector AV:N/AC:L/Au:N/C:N/I:N/A:P
Exploit: public PoC available
EPSS: 80.45% (99.6th percentile)

Affected

43 ranges, 25 shown. Version range and fixed-in values are not present in this copy of the record.

Vendor        Product
debian        squid
opensuse      opensuse
squid-cache   squid (23 ranges)

Detection & IOCs (extracted from sources)

Port: 3128
Command: HEAD http://yahoo.com/ HTTP/1.1 Host: yahoo.com:<'yc'x2000>

  • Detect oversized or non-numeric port values in the HTTP Host header (e.g., Host: <host>:<large_repeated_string>) sent to the Squid proxy port 3128; the PoC uses a 4000-byte string ('yc' repeated 2000 times) as the port field.
  • A Squid crash or assertion triggered by the crafted Host header port manifests as 'FATAL: Bungled (null) line' in the Squid logs, followed by abnormal termination; monitor Squid logs for this pattern.
  • The affected component is client_side_request.cc; the vulnerability is triggered via a crafted port number in the HTTP Host header against Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8.
  • Red Hat Enterprise Linux 5 and 6 ship versions of squid that do not contain the vulnerable code path and are not affected.
  • The Squid service will automatically respawn after the crash, so the DoS may appear intermittent rather than persistent.

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             2.0       5.0     MEDIUM     AV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_debian             5.0     LOW
vendor_redhat             5.0     MEDIUM