CVE-2009-0478

NONE EPSS 99.4%
Published Feb 8, 200917y ago · Modified Jun 16, 20262w ago
Find Similar
Published Feb 8, 2009 17y ago
Last Modified Jun 16, 2026 2w ago

Description

Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c.

Threat Intelligence

EPSS Exploit Probability
99.4% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-20 Improper Input Validation Validation

Affected Products 22

VendorProductVersionRange
squidsquid2.7.stable1any
squidsquid2.7.stable2any
squidsquid2.7.stable3any
squidsquid2.7.stable4any
squidsquid2.7.stable5any
squidsquid3.0.stable1any
squidsquid3.0.stable2any
squidsquid3.0.stable3any
squidsquid3.0.stable4any
squidsquid3.0.stable5any
squidsquid3.0.stable6any
squidsquid3.0.stable7any
squidsquid3.0.stable8any
squidsquid3.0.stable9any
squidsquid3.0.stable10any
squidsquid3.0.stable11any
squidsquid3.0.stable12any
squidsquid3.1any
squidsquid3.1.0.1any
squidsquid3.1.0.2any
squidsquid3.1.0.3any
squidsquid3.1.0.4any

References 12

Remediation