Description

The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a "," character in an Accept-Language header.

Remediation

References

CVE-2013-1839

Related Vulnerabilities

WordPress Plugin Database for Contact Form 7, WPforms, Elementor forms Cross-Site Scripting (1.2.0)

Liferay Portal Use of Password Hash With Insufficient Computational Effort Vulnerability (CVE-2024-25607)

Oracle Database Server CVE-2011-0822 Vulnerability (CVE-2011-0822)

WebLogic CVE-2017-10178 Vulnerability (CVE-2017-10178)

WordPress Plugin Gravity Forms Cross-Site Scripting (1.9.5)

Severity

High

Classification

CVE-2013-1839 CWE-20

Tags

Missing Update Known Vulnerabilities