Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server.
2021-05-28T12:15:07.697
2024-11-21T06:09:12.380
Modified
CVSSv3.1: 6.5 (MEDIUM)
AV:N/AC:L/Au:S/C:N/I:N/A:P
8.0
2.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | squid-cache | squid | < 4.15 | Yes |
Application | squid-cache | squid | < 5.0.6 | Yes |
Operating System | fedoraproject | fedora | 33 | Yes |
Operating System | fedoraproject | fedora | 34 | Yes |
Operating System | debian | debian_linux | 9.0 | Yes |