1. Home
  2. Vulnerabilities
  3. CVE-2016-2572

CVE-2016-2572

CVSS v3.0 7.5 (High)
75% Progress
CVSS v2.0 5 (Medium)
50% Progress
EPSS 67.46 % (98th)
67.46% Progress
Affected Products 1
Advisories 8
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.

Weaknesses
CWE-20
Improper Input Validation
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2016-02-27 05:59:06
(8 years ago)
Updated Date
2018-01-05 02:30:38
(6 years ago)

Affected Products

Squid-cache

Configuration #1

    CPE23 From Up To
  Squid-cache Squid 4.0.1 cpe:2.3:a:squid-cache:squid:4.0.1
  Squid-cache Squid 4.0.2 cpe:2.3:a:squid-cache:squid:4.0.2
  Squid-cache Squid 4.0.3 cpe:2.3:a:squid-cache:squid:4.0.3
  Squid-cache Squid 4.0.4 cpe:2.3:a:squid-cache:squid:4.0.4
  Squid-cache Squid 4.0.5 cpe:2.3:a:squid-cache:squid:4.0.5
  Squid-cache Squid 4.0.6 cpe:2.3:a:squid-cache:squid:4.0.6