CVE-2009-2622: Input Validation
First published: Tue Jul 28 2009(Updated: )
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Squid Web Proxy Cache | =3.0-rc4 | |
| Squid Web Proxy Cache | =3.0 | |
| Squid Web Proxy Cache | =3.0 | |
| Squid Web Proxy Cache | =3.0 | |
| Squid Web Proxy Cache | =3.0 | |
| Squid Web Proxy Cache | =3.0 | |
| Squid Web Proxy Cache | =3.0 | |
| Squid Web Proxy Cache | =3.1.0.3 | |
| Squid Web Proxy Cache | =3.1.0.1 | |
| Squid Web Proxy Cache | =3.0 | |
| Squid Web Proxy Cache | =3.0 | |
| Squid Web Proxy Cache | =3.0 | |
| Squid Web Proxy Cache | =3.0-rc1 | |
| Squid Web Proxy Cache | =3.0 | |
| Squid Web Proxy Cache | =3.0 | |
| Squid Web Proxy Cache | =3.1.0.2 | |
| Squid Web Proxy Cache | =3.0 | |
| Squid Web Proxy Cache | =3.0 | |
| Squid Web Proxy Cache | =3.1.0.4 | |
| Squid Web Proxy Cache | =3.0 | |
| Squid Web Proxy Cache | =3.0 | |
| Squid Web Proxy Cache | =3.1 | |
| Squid Web Proxy Cache | =3.0 | |
| Squid Web Proxy Cache | =3.0 | |
| Squid Web Proxy Cache | =3.0 | |
| Squid Web Proxy Cache | =3.0 | |
| Squid Web Proxy Cache | =3.0 | |
| Squid Web Proxy Cache | =3.0 | |
| Squid Web Proxy Cache | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.squid-cache.org/Advisories/SQUID-2009_2.txt
- http://www.squid-cache.org/Versions/v3/3.1/changesets/b9661.patch
- http://www.vupen.com/english/advisories/2009/2013
- http://secunia.com/advisories/36007
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:178
- http://www.securitytracker.com/id?1022607
- http://www.securityfocus.com/bid/35812
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:161
Frequently Asked Questions
What is the severity of CVE-2009-2622?
CVE-2009-2622 is categorized as a denial of service vulnerability affecting certain versions of Squid.
How do I fix CVE-2009-2622?
To mitigate CVE-2009-2622, upgrade to a patched version of Squid that addresses this vulnerability.
Which versions of Squid are affected by CVE-2009-2622?
CVE-2009-2622 affects Squid versions 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11.
What type of attacks does CVE-2009-2622 enable?
CVE-2009-2622 allows remote attackers to execute denial of service attacks through malformed requests.
Is CVE-2009-2622 easy to exploit?
CVE-2009-2622 can be exploited relatively easily by sending specially crafted requests to the affected Squid versions.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/squid-cache
- canonical/squid web proxy cache
- version/squid web proxy cache/3.0-rc4
- version/squid web proxy cache/3.0
- version/squid web proxy cache/3.1.0.3
- version/squid web proxy cache/3.1.0.1
- version/squid web proxy cache/3.0-rc1
- version/squid web proxy cache/3.1.0.2
- version/squid web proxy cache/3.1.0.4
- version/squid web proxy cache/3.1