📦

squid_web_proxy_cache

Vendor: national_science_foundation

Actively Exploited 0 CISA KEV List

PoC / Exploits 2 Code Available

Total RCEs 0 Remote Access

Total CVEs 3 Total Indexed

Avg. EPSS 17.80% Exploit Prob.

Latest CVE CVE-2009-0801 Mar 04

Security Vulnerability Index

Page 1 / 1

5.4 CVSS

CVE-2009-0801

Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

EPSS: 0.04%

Severity: MEDIUM

Mar 04, 2009

5.0 CVSS

CVE-2007-6239

The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects.

EPSS: 9.00%

Severity: MEDIUM

Dec 04, 2007

5.0 CVSS

CVE-2004-2479

Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensitive information via URLs containing invalid hostnames that cause DNS operations to fail, which results in references to previously used error messages.

EPSS: 1.03%

Severity: MEDIUM

Dec 31, 2004

5.0 CVSS

CVE-2004-2480

Exploit Found

Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass security controls and access arbitrary websites via "@@" sequences in a URL within Internet Explorer.

EPSS: 2.00%

Severity: MEDIUM

Dec 31, 2004

10.0 CVSS

CVE-2004-0541

Exploit Found

Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable).

EPSS: 76.95%

Severity: HIGH

Aug 06, 2004

Displaying 5 of 3 Total Entries

Total 1 Sections