CVE-2013-4123

Squid - Improper Input Validation

Title source: rule

Description

client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header.

Exploits (1)

exploitdb WORKING POC VERIFIED

by kingcope · perldoslinux

https://www.exploit-db.com/exploits/26886

View Code ZIP pw:eip

References (6)

[Mailing List] http://lists.opensuse.org/opensuse-updates/2013-09/msg00024.html

[Vendor Advisory] http://secunia.com/advisories/54142

[Third Party Advisory] http://secunia.com/advisories/54834

[Vendor Advisory] http://www.squid-cache.org/Advisories/SQUID-2013_3.txt

[Patch] http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11826.patch

[Various Sources] http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12591.patch

Scores

EPSS 0.6994

EPSS Percentile 98.7%

Details

CWE

CWE-20

Status published

Products (42)

opensuse/opensuse 12.3

squid-cache/squid 3.3.0

squid-cache/squid 3.3.0.2

squid-cache/squid 3.3.0.3

squid-cache/squid 3.3.1

squid-cache/squid 3.3.2

squid-cache/squid 3.3.3

squid-cache/squid 3.3.4

squid-cache/squid 3.3.5

squid-cache/squid 3.3.6

... and 32 more

Published Sep 16, 2013

Tracked Since Feb 18, 2026