APP: Squid Proxy HTCP Packet Processing Denial of Service
A denial of service vulnerability exists in Squid Proxy. The vulnerability is due to a NULL pointer dereference when processing specially crafted Hypertext Caching Protocol (HTCP) packets. Remote attackers can exploit this issue by sending a malicious HTCP request to the target server. Successful exploitation could terminate the affected server process abnormally and result in a denial of service condition.
Extended Description
Squid Web Proxy Cache is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
Affected Products
Squid web_proxy_cache
Short Name
APP:SQUID-HTCP-DOS
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
CVE-2010-0639 Denial HTCP Packet Processing Proxy Service Squid bid:38212 of
Release Date
10/13/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
Port
UDP/4827
False Positive
Unknown
Vendors
Mandriva
Red_hat
Squid
Gentoo
Ubuntu
CVSS Score
5.0