CVE-2013-0189

Published: 16 January 2013

cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.

Priority

Medium

Status

Package: squid (Launchpad, Ubuntu, Debian)
  Release: Upstream
  Status: Ignored (reached end-of-life)
  Binaries built from this source package are in Universe and so are supported by the community.

Package: squid3 (Launchpad, Ubuntu, Debian)
  Release: Upstream
  Status: Released (3.2.7)
  Patches:
    Upstream: http://www.squid-cache.org/Advisories/SQUID-2012_1.txt
  Binaries built from this source package are in Universe and so are supported by the community.

Notes

Author: seth-arnold
Note: The webserver should be configured to restrict access to cachemgr.cgi; this script shouldn't be exposed to untrusted users

References