Description

The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.

Remediation

References

CVE-2009-2855

Related Vulnerabilities

MyBB Insertion of Sensitive Information into Log File Vulnerability (CVE-2015-8977)

WordPress Plugin SoundPress Cross-Site Scripting (2.2.6)

WordPress Plugin Chat-Support Board-WordPress Chat Multiple SQL Injection Vulnerabilities (3.3.3)

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9419)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4550)

Severity

Medium

Classification

CVE-2009-2855 CWE-20

Tags

Missing Update Known Vulnerabilities