FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

squid -- Denial of Service vulnerability in HTCP

Affected packages
2.7.1 <= squid < 2.7.7_4
3.0.1 <= squid < 3.0.24

Details

VuXML ID 81d9dc0c-1988-11df-8e66-0019996bc1f7
Discovery 2010-02-12
Entry 2010-02-14
Modified 2010-05-02

Squid security advisory 2010:2 reports:

Due to incorrect processing Squid is vulnerable to a denial of service attack when receiving specially crafted HTCP packets.

This problem allows any machine to perform a denial of service attack on the Squid service when its HTCP port is open.

References

CVE Name CVE-2010-0639
URL http://www.squid-cache.org/Advisories/SQUID-2010_2.txt