CVE-2009-2622

Squid 3.0-3.0.STABLE16 and 3.1-3.1.0.11 - Denial of Service via Malformed HTTP Requests

Title source: llm
STIX 2.1

Description

Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc.

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1022607
Patch, Vendor Advisory x_refsource_confirm
http://www.squid-cache.org/Versions/v3/3.1/changesets/b9661.patch
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35812
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2013
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36007
Vendor Advisory x_refsource_confirm
http://www.squid-cache.org/Advisories/SQUID-2009_2.txt
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:161
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:178

Scores

EPSS 0.5691
EPSS Percentile 99.0%

Details

CWE
CWE-20
Status published
Products (6)
squid-cache/squid 3.0 (24 CPE variants)
squid-cache/squid 3.1
squid-cache/squid 3.1.0.1
squid-cache/squid 3.1.0.2
squid-cache/squid 3.1.0.3
squid-cache/squid 3.1.0.4
Published Jul 28, 2009
Tracked Since Feb 18, 2026