Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-4123 — Improper Input Validation in Squid

CWE-20 — Improper Input Validation8 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

69.9%

top 1.33%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Opensuse Squid-cache Squid

Timeline

PublishedSep 16

Latest updateMay 14

Description

client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDsquid-cache/squid41 versions+40

▶NVDopensuse/opensuse12.3

Patches

Patch: www.squid-cache.org ↗Patch: www.squid-cache.org ↗

🔴Vulnerability Details

GHSA

GHSA-gpv8-rwm7-v9hg: client_side_request↗2022-05-14

▶

CVEList

CVE-2013-4123: client_side_request↗2013-09-16

▶

💥Exploits & PoCs

Exploit-DB

Squid 3.3.5 - Denial of Service (PoC)↗2013-07-16

▶

📋Vendor Advisories

Red Hat

squid: Denial of service when processing specially-crafted HTTP requests (SQUID-2013:3)↗2013-07-13

▶

Debian

CVE-2013-4123: squid - client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allow...↗2013

▶

💬Community

Bugzilla

CVE-2013-4123 squid: Denial of service when processing specially-crafted HTTP requests (SQUID-2013:3)↗2013-07-15

▶

Bugzilla

squid: CVE-2013-4123 squid: Denial of service when processing specially-crafted HTTP requests (SQUID-2013:3) [fedora-all]↗2013-07-15

▶