CVE-2018-1000024

CVSS v3.0 7.5 (High)

CVSS v2.0 5 (Medium)

EPSS 0.57 % (78^th)

Affected Products 3

Advisories 11

The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. This vulnerability appears to have been fixed in 4.0.23 and later.

Weaknesses

CWE-NVD-noinfo

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2018-02-09 23:29:00
(6 years ago)
Updated Date: 2019-10-03 00:03:26
(5 years ago)

Affected Products

Configuration #1

		CPE23	From	Up To
	Squid-cache Squid from 3.0 version and 3.5.27 and prior versions	cpe:2.3:a:squid-cache:squid	>= 3.0	<= 3.5.27
	Squid-cache Squid from 4.0 version and 4.0.22 and prior versions	cpe:2.3:a:squid-cache:squid	>= 4.0	<= 4.0.22

Configuration #2

		CPE23	From	Up To
	Debian Linux 7.0	cpe:2.3:o:debian:debian_linux:7.0
	Debian Linux 8.0	cpe:2.3:o:debian:debian_linux:8.0
	Debian Linux 9.0	cpe:2.3:o:debian:debian_linux:9.0

Configuration #3

		CPE23	From	Up To
	Canonical Ubuntu Linux 14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04:::*:lts
	Canonical Ubuntu Linux 16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::*:lts
	Canonical Ubuntu Linux 17.10	cpe:2.3:o:canonical:ubuntu_linux:17.10

Weaknesses

Affected Products

Canonical

Debian

Squid-cache

Configuration #1

Configuration #2

Configuration #3