CVE-2009-2622
Squid 3.0-3.0.STABLE16 and 3.1-3.1.0.11 - Denial of Service via Malformed HTTP Requests
Title source: llmDescription
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc.
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1022607
Patch, Vendor Advisory x_refsource_confirm
http://www.squid-cache.org/Versions/v3/3.1/changesets/b9661.patch
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/35812
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2013
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36007
Vendor Advisory x_refsource_confirm
http://www.squid-cache.org/Advisories/SQUID-2009_2.txt
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:161
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:178
Scores
EPSS
0.5691
EPSS Percentile
99.0%
Details
CWE
CWE-20
Status
published
Products (6)
squid-cache/squid
3.0 (24 CPE variants)
squid-cache/squid
3.1
squid-cache/squid
3.1.0.1
squid-cache/squid
3.1.0.2
squid-cache/squid
3.1.0.3
squid-cache/squid
3.1.0.4
Published
Jul 28, 2009
Tracked Since
Feb 18, 2026