Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-0478

Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c.

Published

2009-02-08T22:30:00.360

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-20
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application squid squid 2.7.stable1 Yes
Application squid squid 2.7.stable2 Yes
Application squid squid 2.7.stable3 Yes
Application squid squid 2.7.stable4 Yes
Application squid squid 2.7.stable5 Yes
Application squid squid 3.0.stable1 Yes
Application squid squid 3.0.stable2 Yes
Application squid squid 3.0.stable3 Yes
Application squid squid 3.0.stable4 Yes
Application squid squid 3.0.stable5 Yes
Application squid squid 3.0.stable6 Yes
Application squid squid 3.0.stable7 Yes
Application squid squid 3.0.stable8 Yes
Application squid squid 3.0.stable9 Yes
Application squid squid 3.0.stable10 Yes
Application squid squid 3.0.stable11 Yes
Application squid squid 3.0.stable12 Yes
Application squid squid 3.1 Yes
Application squid squid 3.1.0.1 Yes
Application squid squid 3.1.0.2 Yes
Application squid squid 3.1.0.3 Yes
Application squid squid 3.1.0.4 Yes
References