Twenty Year Anniversary
Showing 1 - 4 of 4 RSS Feed

CVE-2014-0128

Status Candidate

Overview

Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.

Related Files

Mandriva Linux Security Advisory 2015-103
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-103 - Due to incorrect state management, Squid before 3.3.12 is vulnerable to a denial of service attack when processing certain HTTPS requests if the SSL-Bump feature is enabled. Matthew Daley discovered that Squid 3 did not properly perform input validation in request parsing. A remote attacker could send crafted Range requests to cause a denial of service. Due to incorrect buffer management Squid can be caused by an attacker to write outside its allocated SNMP buffer. Due to incorrect bounds checking Squid pinger binary is vulnerable to denial of service or information leak attack when processing larger than normal ICMP or ICMPv6 packets. Due to incorrect input validation Squid pinger binary is vulnerable to denial of service or information leak attacks when processing ICMP or ICMPv6 packets.

tags | advisory, remote, web, denial of service
systems | linux, mandriva
advisories | CVE-2014-0128, CVE-2014-3609, CVE-2014-6270, CVE-2014-7141, CVE-2014-7142
MD5 | 50bab53e78f92e76d14a362740cf343d
Gentoo Linux Security Advisory 201411-11
Posted Nov 28, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201411-11 - Multiple vulnerabilities have been found in Squid, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 3.3.13-r1 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-0128, CVE-2014-7141, CVE-2014-7142
MD5 | cbe0833a61541372eb99920080cc3a8f
Mandriva Linux Security Advisory 2014-114
Posted Jun 12, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-114 - Due to incorrect state management, Squid before 3.3.12 is vulnerable to a denial of service attack when processing certain HTTPS requests if the SSL-Bump feature is enabled.

tags | advisory, web, denial of service
systems | linux, mandriva
advisories | CVE-2014-0128
MD5 | 8a3c82135d956a87596a9ab49a9f3b43
Red Hat Security Advisory 2014-0597-01
Posted Jun 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0597-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A denial of service flaw was found in the way Squid processed certain HTTPS requests when the SSL Bump feature was enabled. A remote attacker could send specially crafted requests that could cause Squid to crash.

tags | advisory, remote, web, denial of service
systems | linux, redhat
advisories | CVE-2014-0128
MD5 | 9d6de415caf18c95b0a8eeb6e8048a65
Page 1 of 1
Back1Next

File Archive:

December 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    1 Files
  • 3
    Dec 3rd
    18 Files
  • 4
    Dec 4th
    40 Files
  • 5
    Dec 5th
    16 Files
  • 6
    Dec 6th
    50 Files
  • 7
    Dec 7th
    12 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    1 Files
  • 10
    Dec 10th
    15 Files
  • 11
    Dec 11th
    30 Files
  • 12
    Dec 12th
    25 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close