CVE-2013-0189
Published: 16 January 2013
cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.
Notes
Author | Note |
---|---|
seth-arnold | The webserver should be configured to restrict access to cachemgr.cgi; this script shouldn't be exposed to untrusted users |
Priority
Status
Package | Release | Status |
---|---|---|
squid Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Released
(2.7.STABLE7-1ubuntu12.6)
|
|
oneiric |
Not vulnerable
(binary not built from this source)
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
upstream |
Ignored
(end of life)
|
|
Binaries built from this source package are in Universe and so are supported by the community. | ||
squid3 Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Ignored
(end of life)
|
|
oneiric |
Released
(3.1.14-1ubuntu0.3)
|
|
precise |
Released
(3.1.19-1ubuntu3.12.04.2)
|
|
quantal |
Released
(3.1.20-1ubuntu1.1)
|
|
raring |
Released
(3.1.20-1ubuntu2)
|
|
upstream |
Released
(3.2.7)
|
|
Patches: upstream: http://www.squid-cache.org/Advisories/SQUID-2012_1.txt |
||
Binaries built from this source package are in Universe and so are supported by the community. |