Vulnerability Name:
CVE-2013-1839 (CCN-82661)
Assigned:
2013-03-05
Published:
2013-03-05
Updated:
2013-10-10
Summary:
The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a "," character in an Accept-Language header.
CVSS v3 Severity:
5.3 Medium
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
None
Availibility (A):
Low
CVSS v2 Severity:
7.8 High
(CVSS v2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
)
6.1 Medium
(Temporal CVSS v2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C/E:POC/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
None
Availibility (A):
Complete
5.0 Medium
(CCN CVSS v2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
)
3.9 Low
(CCN Temporal CVSS v2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
None
Availibility (A):
Partial
Vulnerability Type:
CWE-20
Vulnerability Consequences:
Denial of Service
References:
Source: BUGTRAQ
Type: UNKNOWN
20130305 Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc
Source: BUGTRAQ
Type: UNKNOWN
20130307 Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc
Source: CCN
Type: Full-Disclosure Mailing List, Tue Mar 05 2013
Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc
Source: MITRE
Type: CNA
CVE-2013-1839
Source: CCN
Type: SA52588
Squid "strHdrAcptLangGetItem()" Denial of Service Vulnerability
Source: SECUNIA
Type: Vendor Advisory
52588
Source: MLIST
Type: UNKNOWN
[oss-security] 20130311 Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc
Source: BID
Type: UNKNOWN
58316
Source: CCN
Type: BID-58316
Squid 'strHdrAcptLangGetItem()' Function Remote Denial of Service Vulnerability
Source: CCN
Type: Squid Web site
Squid Web Proxy Cache
Source: CONFIRM
Type: UNKNOWN
http://www.squid-cache.org/Advisories/SQUID-2013_1.txt
Source: XF
Type: UNKNOWN
squid-strhdracptlanggetitem-dos(82661)
Vulnerable Configuration:
Configuration 1
:
cpe:/a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*
OR
cpe:/a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*
OR
cpe:/a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*
OR
cpe:/a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*
OR
cpe:/a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*
OR
cpe:/a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*
OR
cpe:/a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*
OR
cpe:/a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*
OR
cpe:/a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*
OR
cpe:/a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*
OR
cpe:/a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*
OR
cpe:/a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*
OR
cpe:/a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*
OR
cpe:/a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*
OR
cpe:/a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*
OR
cpe:/a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*
OR
cpe:/a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*
OR
cpe:/a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*
OR
cpe:/a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*
OR
cpe:/a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*
OR
cpe:/a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*
OR
cpe:/a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*
OR
cpe:/a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*
OR
cpe:/a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*
OR
cpe:/a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*
OR
cpe:/a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*
OR
cpe:/a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*
OR
cpe:/a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*
OR
cpe:/a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*
OR
cpe:/a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*
OR
cpe:/a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*
OR
cpe:/a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*
OR
cpe:/a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*
Denotes that component is vulnerable
Oval Definitions
Definition ID
Class
Title
Last Modified
oval:com.ubuntu.precise:def:20131839000
V
CVE-2013-1839 on Ubuntu 12.04 LTS (precise) - medium.
2013-09-30
BACK
squid-cache
squid 3.2.0.1
squid-cache
squid 3.2.0.2
squid-cache
squid 3.2.0.3
squid-cache
squid 3.2.0.4
squid-cache
squid 3.2.0.5
squid-cache
squid 3.2.0.6
squid-cache
squid 3.2.0.7
squid-cache
squid 3.2.0.8
squid-cache
squid 3.2.0.9
squid-cache
squid 3.2.0.10
squid-cache
squid 3.2.0.11
squid-cache
squid 3.2.0.12
squid-cache
squid 3.2.0.13
squid-cache
squid 3.2.0.14
squid-cache
squid 3.2.0.15
squid-cache
squid 3.2.0.16
squid-cache
squid 3.2.0.17
squid-cache
squid 3.2.0.18
squid-cache
squid 3.2.0.19
squid-cache
squid 3.2.1
squid-cache
squid 3.2.2
squid-cache
squid 3.2.3
squid-cache
squid 3.2.4
squid-cache
squid 3.2.5
squid-cache
squid 3.2.6
squid-cache
squid 3.2.7
squid-cache
squid 3.2.8
squid-cache
squid 3.3.0
squid-cache
squid 3.3.0.2
squid-cache
squid 3.3.0.3
squid-cache
squid 3.3.1
squid-cache
squid 3.3.2
squid-cache
squid 3.2.5
squid-cache
squid 3.2.7
Denotes that component is vulnerable