HTTP: Invalid HTTP Version (2)

This signature detects invalid HTTP versions sent by clients. Some servers do not properly handle such requests, which can cause a Denial of Service (DoS) of the server.

Extended Description

Squid is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain HTTP requests. Successfully exploiting this issue allows remote attackers to crash the affected application, denying further service to legitimate users. This issue affects versions prior to Squid 2.7.STABLE5, Squid 3.0.STABLE12, and Squid 3.1.0.4.

Affected Products

Debian linux

References

BugTraq: 33604

CVE: CVE-2009-0478

Short Name
HTTP:REQERR:INV-HTTP-VERSION
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
(2) CVE-2009-0478 HTTP Invalid Version bid:33604
Release Date
11/10/2012
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3799
False Positive
Unknown
Vendors

Red_hat

Gentoo

Squid

Ubuntu

Mandriva

Debian

CVSS Score

5.0

Found a potential security threat?