An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack…
mitre·CWE-401·Published 2021-05-27
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege.
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege.
Se detectó un problema en Squid versiones anteriores a 4.15 y versiones 5.x anteriores a 5.0.6. Debido a una comprobación del analizador incorrecta, permite un ataque de Denegación de Servicio contra la API del administrador de caché. Esto permite a un cliente confiable desencadenar filtraciones de memoria. Con el tiempo, conlleva a una Denegación de Servicio por medio de una cadena de consulta corta no especificada. Este ataque está limitado a clientes con privilegios de acceso a la API de Cache Manager
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 4.0 | 8.0 | 2.9 | AV:N/AC:L/Au:S/C:N/I:N/A:P |
| 3.1 | Primary | NVD | 4.9 | 1.2 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |