Summary
This host is running Squid and is prone to Denial of Service vulnerability.
Impact
Successful exploitation could allow remote attackers to crash an affected server, creating a denial of service condition.
Solution
Apply patches or upgrade to the squid version 3.0.STABLE24 http://www.squid-cache.org/Download/
http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch
*****
NOTE : Ignore this warning, if above mentioned patch is already applied.
*****
Insight
The flaw is due to error in 'htcpHandleTstRequest()' function in 'htcp.c', when processing malformed HTCP (Hypertext Caching Protocol) packets.
Affected
Squid Version 2.x, and 3.0 to 3.0.STABLE23
References
Severity
Classification
-
CVE CVE-2010-0639 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities