漏洞类别:Proxy
漏洞等级: 
漏洞信息
Squid Proxy is a freely available open source Web proxy software package. It is designed for use on Unix, Linux and Windows platforms.
Due to incorrect bounds checking Squid is vulnerable to a denial of service attack when processing HTTP responses.
Affected Software:
All Squid-3.2 and older have not been tested but are expected to be vulnerable.
Squid 3.x to 3.5.14
Squid 4.x to 4.0.6
QID Detection Logic (Unauthenticated):
This unauthenticated detection works by reviewing the version of the Squid Proxy service.
漏洞危害
Allows remote attackers to cause a denial of service attack by sending crafted HTTP headers.
解决方案
The vendor has released updates to resolve this issue.
Refer to vendor advisory SQUID-2016:2 to obtain more details and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论