Squid-Cache Squid vulnerabilities

CVE-2016-2571 [HIGH] CWE-20 CVE-2016-2571: http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data af http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.

CVE-2016-2569 [HIGH] CWE-20 CVE-2016-2569: Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.

CVE-2016-2572 [HIGH] CWE-20 CVE-2016-2572: http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, w http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.

CVE-2016-2570 [HIGH] CWE-20 CVE-2016-2570: The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check b The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.

CVE-2014-9749 [MEDIUM] CWE-264 CVE-2014-9749: Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remo Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."

CVE-2015-5400 [MEDIUM] CWE-264 CVE-2015-5400: Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.

CVE-2015-3455 [LOW] CWE-20 CVE-2015-3455: Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when co Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.

CVE-2015-0881 [MEDIUM] CVE-2015-0881: CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.

CVE-2014-7141 [MEDIUM] CWE-19 CVE-2014-7141: The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or caus The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.

CVE-2014-7142 [MEDIUM] CWE-20 CVE-2014-7142: The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or caus The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.

CVE-2014-6270 [MEDIUM] CWE-119 CVE-2014-6270: Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP po Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.

CVE-2014-3609 [MEDIUM] CWE-20 CVE-2014-3609: HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values."

CVE-2014-0128 [MEDIUM] CWE-20 CVE-2014-0128: Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to c Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.

CVE-2013-1839 [HIGH] CWE-20 CVE-2013-1839: The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3. The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a "," character in an Accept-Language header.

CVE-2013-4123 [MEDIUM] CWE-20 CVE-2013-4123: client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers t client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header.

CVE-2013-4115 [HIGH] CWE-119 CVE-2013-4115: Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 t Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request.

CVE-2013-0189 [MEDIUM] CVE-2013-0189: cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote att cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.

CVE-2012-5643 [MEDIUM] CWE-20 CVE-2012-5643: Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.

CVE-2012-2213 [MEDIUM] CWE-264 CVE-2012-2213: Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by pro Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and the observed behavior is consistent with a squid.conf fi

CVE-2011-4096 [MEDIUM] CWE-399 CVE-2011-4096: The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record.