CVE-2009-0478

Squid 2.7-2.7.STABLE5, 3.0-3.0.STABLE12, 3.1-3.1.0.4 - Denial of Service via Invalid HTTP Version Number

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0478. PoCs published by Praveen Darshanam.

AI-analyzed exploit summary This exploit targets CVE-2009-0478, a DoS vulnerability in certain web servers by sending malformed HTTP version strings. It iterates through a list of malicious versions to trigger the vulnerability.

Description

Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Praveen Darshanam · perldosmultiple

https://www.exploit-db.com/exploits/8021

View Code ZIP pw:eip

This exploit targets CVE-2009-0478, a DoS vulnerability in certain web servers by sending malformed HTTP version strings. It iterates through a list of malicious versions to trigger the vulnerability.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Web servers vulnerable to malformed HTTP version strings

No auth needed

Prerequisites: Network access to the target server · Target server running vulnerable software

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (12)

Core 12

Core References

Exploit, Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/33604

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/33731

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200903-38.xml

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/500653/100/0/threaded

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html

Issue Tracking x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=484246

Vendor Advisory x_refsource_confirm

http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1021684

Vendor Advisory x_refsource_confirm

http://www.squid-cache.org/Advisories/SQUID-2009_1.txt

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2009:034

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/8021

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/34467

Scores

EPSS 0.7199

EPSS Percentile 99.4%

Details

CWE

CWE-20

Status published

Products (22)

squid/squid 2.7.stable1

squid/squid 2.7.stable2

squid/squid 2.7.stable3

squid/squid 2.7.stable4

squid/squid 2.7.stable5

squid/squid 3.0.stable1

squid/squid 3.0.stable2

squid/squid 3.0.stable3

squid/squid 3.0.stable4

squid/squid 3.0.stable5

... and 12 more

Published Feb 08, 2009

Tracked Since Feb 18, 2026