CVE-2013-0189

Squid 3.1.x-3.2.x - Denial of Service via Crafted cachemgr.cgi Request

Title source: llm
STIX 2.1

Description

cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.

References (18)

Core 18
Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2013/dsa-2631
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:129
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1713-1
Third Party Advisory x_refsource_confirm
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0029
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/52024
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/54839
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/57646
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=895972

Scores

EPSS 0.2303
EPSS Percentile 97.5%

Details

CWE
CWE-119
Status published
Products (50)
canonical/ubuntu_linux 10.04
canonical/ubuntu_linux 11.10
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 12.10
squid-cache/squid 3.1
squid-cache/squid 3.1.0.1
squid-cache/squid 3.1.0.2
squid-cache/squid 3.1.0.3
squid-cache/squid 3.1.0.4
squid-cache/squid 3.1.0.5
... and 40 more
Published Feb 08, 2013
Tracked Since Feb 18, 2026