CVE-2009-0478
NONE EPSS 99.4%
Published Feb 8, 2009 · Last Modified Jun 16, 2026
Description
Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c.
Threat Intelligence
EPSS Exploit Probability
99.4% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-20 Improper Input Validation
Affected Products 22
| Vendor | Product | Version | Range |
|---|---|---|---|
| squid | squid | 2.7.stable1 | any |
| squid | squid | 2.7.stable2 | any |
| squid | squid | 2.7.stable3 | any |
| squid | squid | 2.7.stable4 | any |
| squid | squid | 2.7.stable5 | any |
| squid | squid | 3.0.stable1 | any |
| squid | squid | 3.0.stable2 | any |
| squid | squid | 3.0.stable3 | any |
| squid | squid | 3.0.stable4 | any |
| squid | squid | 3.0.stable5 | any |
| squid | squid | 3.0.stable6 | any |
| squid | squid | 3.0.stable7 | any |
| squid | squid | 3.0.stable8 | any |
| squid | squid | 3.0.stable9 | any |
| squid | squid | 3.0.stable10 | any |
| squid | squid | 3.0.stable11 | any |
| squid | squid | 3.0.stable12 | any |
| squid | squid | 3.1 | any |
| squid | squid | 3.1.0.1 | any |
| squid | squid | 3.1.0.2 | any |
| squid | squid | 3.1.0.3 | any |
| squid | squid | 3.1.0.4 | any |
References 12
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html
- secunia.com http://secunia.com/advisories/33731
- secunia.com http://secunia.com/advisories/34467
- security.gentoo.org http://security.gentoo.org/glsa/glsa-200903-38.xml
- mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2009:034
- securityfocus.com http://www.securityfocus.com/archive/1/500653/100/0/threaded
- securityfocus.com http://www.securityfocus.com/bid/33604
- securitytracker.com http://www.securitytracker.com/id?1021684
- squid-cache.org http://www.squid-cache.org/Advisories/SQUID-2009_1.txt
- squid-cache.org http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=484246
- exploit-db.com https://www.exploit-db.com/exploits/8021
Remediation
- securityfocus.com http://www.securityfocus.com/bid/33604