Vulnerability CVE-2009-0478

Vulnerability Name:

CVE-2009-0478 (CCN-48484)

Assigned:

2009-02-02

Published:

2009-02-02

Updated:

2018-10-11

Summary:

Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-20

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2009-0478

Source: SUSE
Type: UNKNOWN
SUSE-SR:2009:005

Source: CCN
Type: SA33731
Squid HTTP Version Number Parsing Denial of Service

Source: SECUNIA
Type: Vendor Advisory
33731

Source: SECUNIA
Type: Vendor Advisory
34467

Source: GENTOO
Type: UNKNOWN
GLSA-200903-38

Source: CCN
Type: SECTRACK ID: 1021684
Squid HTTP Request Processing Error Lets Remote Users Deny Service

Source: DEBIAN
Type: DSA-1732
squid3 -- denial of service

Source: CCN
Type: GLSA-200903-38
Squid: Multiple Denial of Service vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:034

Source: CCN
Type: OSVDB ID: 51810
Squid HTTP Version Number Request Handling DoS

Source: CCN
Type: OSVDB ID: 57852
Squid Unspecified Remote DoS

Source: BUGTRAQ
Type: UNKNOWN
20090204 Squid Proxy Cache Denial of Service in request handling

Source: BID
Type: Exploit, Patch
33604

Source: CCN
Type: BID-33604
Squid Web Proxy Cache HTTP Version Number Parsing Denial of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1021684

Source: CCN
Type: SQUID-2009:1
Denial of service in request processing

Source: CONFIRM
Type: Vendor Advisory
http://www.squid-cache.org/Advisories/SQUID-2009_1.txt

Source: CONFIRM
Type: Vendor Advisory
http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch

Source: CCN
Type: USN-724-1
Squid vulnerability

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=484246

Source: XF
Type: UNKNOWN
squid-httpversion-number-dos(48484)

Source: EXPLOIT-DB
Type: UNKNOWN
8021

Source: SUSE
Type: SUSE-SR:2009:005
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:squid:squid:2.7.stable1:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.7.stable2:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.7.stable3:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.7.stable4:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.7.stable5:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:3.0.stable1:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:3.0.stable2:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:3.0.stable3:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:3.0.stable4:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:3.0.stable5:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:3.0.stable6:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:3.0.stable7:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:3.0.stable8:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:3.0.stable9:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:3.0.stable10:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:3.0.stable11:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:3.0.stable12:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:3.1:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:3.1.0.1:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:3.1.0.2:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:3.1.0.3:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:3.1.0.4:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:squid-cache:squid:3.0:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.7.stable5:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.7:-:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.1:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.7.stable4:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.7.stable3:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.7.stable2:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.7.stable1:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable10:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20090478	V	CVE-2009-0478	2022-05-20
oval:org.opensuse.security:def:42439	P	Security update for qemu (Important)	2022-04-20
oval:org.opensuse.security:def:31374	P	Security update for libsndfile (Important)	2022-01-05
oval:org.opensuse.security:def:32252	P	Security update for chrony (Moderate)	2021-12-22
oval:org.opensuse.security:def:26185	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:31324	P	Security update for the Linux Kernel (Live Patch 41 for SLE 12 SP3) (Important)	2021-12-14
oval:org.opensuse.security:def:42228	P	Security update for krb5 (Moderate)	2021-12-06
oval:org.opensuse.security:def:31716	P	Security update for mozilla-nss (Important)	2021-12-06
oval:org.opensuse.security:def:31300	P	Security update for MozillaFirefox (Important)	2021-11-17
oval:org.opensuse.security:def:32214	P	Security update for pcre (Moderate)	2021-11-10
oval:org.opensuse.security:def:32213	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:26158	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:31289	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-10-18
oval:org.opensuse.security:def:31288	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-10-18
oval:org.opensuse.security:def:26147	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:26128	P	Security update for postgresql13 (Moderate)	2021-09-16
oval:org.opensuse.security:def:32995	P	Security update for file (Important)	2021-09-02
oval:org.opensuse.security:def:32164	P	Security update for java-1_8_0-openjdk (Important)	2021-08-20
oval:org.opensuse.security:def:26103	P	Security update for the Linux Kernel (Important)	2021-08-10
oval:org.opensuse.security:def:26089	P	Security update for MozillaFirefox (Important)	2021-07-16
oval:org.opensuse.security:def:32956	P	Security update for openexr (Important)	2021-06-24
oval:org.opensuse.security:def:32127	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:31192	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:36294	P	squid-2.7.STABLE5-2.12.16.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42701	P	squid-2.7.STABLE5-2.12.16.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:32108	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:26050	P	Security update for python3 (Important)	2021-05-17
oval:org.opensuse.security:def:26047	P	Security update for xen (Important)	2021-05-12
oval:org.opensuse.security:def:32070	P	Security update for clamav (Important)	2021-04-14
oval:org.opensuse.security:def:32064	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-04-07
oval:org.opensuse.security:def:26211	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:32274	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:31742	P	Security update for git (Important)	2021-03-09
oval:org.opensuse.security:def:31655	P	Security update for MozillaFirefox (Important)	2021-01-29
oval:org.opensuse.security:def:31560	P	Security update for python-cryptography (Moderate)	2020-12-04
oval:org.opensuse.security:def:32003	P	Security update for python-cryptography (Moderate)	2020-12-04
oval:org.opensuse.security:def:36032	P	squid-2.7.STABLE5-2.12.12.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35638	P	squid-2.7.STABLE5-2.4.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:42045	P	squid-2.7.STABLE5-2.4.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35821	P	squid-2.7.STABLE5-2.10.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:25201	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:25531	P	Security update for ucode-intel (Moderate)	2020-12-01
oval:org.opensuse.security:def:26260	P	Security update for Mesa (Moderate)	2020-12-01
oval:org.opensuse.security:def:27257	P	pam_krb5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25372	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:25656	P	Security update for spice-gtk (Moderate)	2020-12-01
oval:org.opensuse.security:def:26619	P	ntp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25581	P	Security update for perl-XML-Twig (Moderate)	2020-12-01
oval:org.opensuse.security:def:25785	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:31882	P	Security update for dnsmasq (Important)	2020-12-01
oval:org.opensuse.security:def:25919	P	Security update for libplist (Moderate)	2020-12-01
oval:org.opensuse.security:def:26269	P	Security update for python3-requests (Moderate)	2020-12-01
oval:org.opensuse.security:def:32042	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31118	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31473	P	Security update for procmail	2020-12-01
oval:org.opensuse.security:def:33218	P	openssh on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31598	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:32426	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:26603	P	libsnmp15-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31498	P	Security update for python-numpy (Important)	2020-12-01
oval:org.opensuse.security:def:32370	P	Recommended update for tboot (Moderate)	2020-12-01
oval:org.opensuse.security:def:25965	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:31846	P	Security update for clamav (Important)	2020-12-01
oval:org.opensuse.security:def:25265	P	Security update for mgetty (Moderate)	2020-12-01
oval:org.opensuse.security:def:25615	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:26299	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:27292	P	squid on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25383	P	Security update for libX11 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25713	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26522	P	apache2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32564	P	libpython2_6-1_0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25582	P	Security update for libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:25866	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26473	P	Security update for Chromium (Important)	2020-12-01
oval:org.opensuse.security:def:31926	P	Recommended update for ghostscript-library (Important)	2020-12-01
oval:org.opensuse.security:def:25843	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:26420	P	Security update for phpMyAdmin (Moderate)	2020-12-01
oval:org.opensuse.security:def:33257	P	squid on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32475	P	Security update for xscreensaver (Moderate)	2020-12-01
oval:org.opensuse.security:def:26638	P	squid on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31499	P	Security update for python-paramiko (Important)	2020-12-01
oval:org.opensuse.security:def:31808	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25868	P	Security update for pcre (Moderate)	2020-12-01
oval:org.opensuse.security:def:26785	P	mozilla-xulrunner192 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31760	P	Security update for MozillaFirefox (Critical)	2020-12-01
oval:org.opensuse.security:def:31978	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:25819	P	Security update for python-tornado (Moderate)	2020-12-01
oval:org.opensuse.security:def:25189	P	Security update for ucode-intel (Moderate)	2020-12-01
oval:org.opensuse.security:def:25393	P	Security update for libqt5-qtbase (Important)	2020-12-01
oval:org.opensuse.security:def:25766	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:26313	P	Security update for python-requests (Moderate)	2020-12-01
oval:org.opensuse.security:def:25447	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:25797	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:26561	P	gstreamer-0_10-plugins-good on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32603	P	squid on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25593	P	Security update for openvpn (Moderate)	2020-12-01
oval:org.opensuse.security:def:25923	P	Security update for util-linux (Moderate)	2020-12-01
oval:org.opensuse.security:def:31821	P	Security update for avahi (Moderate)	2020-12-01
oval:org.opensuse.security:def:32746	P	mailman on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25844	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31954	P	Security update for gstreamer-0_10-plugins-base (Important)	2020-12-01
oval:org.opensuse.security:def:32318	P	Security update for rsync (Moderate)	2020-12-01
oval:org.opensuse.security:def:31106	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31898	P	Security update for MozillaFirefox, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:32514	P	ft2demos on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31510	P	Security update for libX11 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31865	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:25907	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26820	P	squid on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31761	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26995	P	nagios-plugins on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25190	P	Security update for virglrenderer (Important)	2020-12-01
oval:org.opensuse.security:def:25474	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:26001	P	Security update for openexr (Moderate)	2020-12-01
oval:org.opensuse.security:def:26357	P	Security update for enigmail (Important)	2020-12-01
oval:org.opensuse.security:def:25371	P	Security update for python-ipaddress (Important)	2020-12-01
oval:org.opensuse.security:def:25575	P	Security update for libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:25948	P	Security update for libraw (Moderate)	2020-12-01
oval:org.opensuse.security:def:26575	P	krb5-doc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25657	P	Security update for graphviz (Low)	2020-12-01
oval:org.opensuse.security:def:26007	P	Security update for libid3tag (Moderate)	2020-12-01
oval:org.opensuse.security:def:31860	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:32785	P	squid on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25855	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:31107	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31416	P	Security update for php53 (Important)	2020-12-01
oval:org.opensuse.security:def:32580	P	mozilla-xulrunner191 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31506	P	Security update for python27 (Important)	2020-12-01
oval:org.opensuse.security:def:32536	P	kdelibs3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31584	P	Security update for tcpdump	2020-12-01
oval:org.opensuse.security:def:31952	P	Security update for grub2 (Important)	2020-12-01
oval:org.opensuse.security:def:25921	P	Recommended update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:31772	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:27030	P	squid on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:13985	P	USN-724-1 -- squid vulnerability	2014-06-30
oval:org.mitre.oval:def:8198	P	DSA-1732 squid3 -- denial of service	2014-06-23
oval:org.mitre.oval:def:17985	P	DSA-1732-1 squid3 - denial of service	2014-06-23
oval:org.debian:def:1732	V	denial of service	2009-03-03

BACK