CVE-2013-4123

Squid 3.2.x-3.2.12 and 3.3.x-3.3.7 - Denial of Service via HTTP Host Header Port Number

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-4123. PoCs published by kingcope.

AI-analyzed exploit summary This PoC exploits a DoS vulnerability in Squid proxy by sending a malformed HTTP request with an excessively long 'Host' header, causing the service to crash. The exploit targets Squid versions prior to 3.3.8.

Description

client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header.

Exploits (1)

exploitdb WORKING POC VERIFIED

by kingcope · perldoslinux

https://www.exploit-db.com/exploits/26886

View Code ZIP pw:eip

This PoC exploits a DoS vulnerability in Squid proxy by sending a malformed HTTP request with an excessively long 'Host' header, causing the service to crash. The exploit targets Squid versions prior to 3.3.8.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Squid Proxy 3.2.11 (and versions prior to 3.3.8)

No auth needed

Prerequisites: Network access to the Squid proxy service

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/54142

Various Sources x_refsource_confirm

http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12591.patch

Patch x_refsource_confirm

http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11826.patch

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/54834

Vendor Advisory x_refsource_confirm

http://www.squid-cache.org/Advisories/SQUID-2013_3.txt

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2013-09/msg00024.html

Scores

EPSS 0.6892

EPSS Percentile 98.7%

Details

CWE

CWE-20

Status published

Products (42)

opensuse/opensuse 12.3

squid-cache/squid 3.3.0

squid-cache/squid 3.3.0.2

squid-cache/squid 3.3.0.3

squid-cache/squid 3.3.1

squid-cache/squid 3.3.2

squid-cache/squid 3.3.3

squid-cache/squid 3.3.4

squid-cache/squid 3.3.5

squid-cache/squid 3.3.6

... and 32 more

Published Sep 16, 2013

Tracked Since Feb 18, 2026