HTTP: Squid Proxy log_uses_indirect_client Denial of Service
This signature detects attempt to exploit a denial-of-service vulnerability which has been reported in Squid Proxy. A remote attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation results in denial-of-service conditions on the target service.
Extended Description
This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088.
Affected Products
Squid-cache squid
References
CVE: CVE-2018-1172
Short Name
HTTP:STC:SQUID-PROXY-DOS
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2018-1000027 CVE-2018-1172 Denial Proxy Service Squid log_uses_indirect_client of
Release Date
02/28/2018
Supported Platforms
srx-branch-12.3
srx-branch-19.3
vsrx3bsd-19.2
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
srx-19.4
vsrx-12.3
srx-12.3
vsrx-19.2
srx-19.3
vmx-19.4
mx-12.3
mx-19.4
mx-19.3
vmx-19.3
Sigpack Version
3337
False Positive
Unknown
Vendors
Squid-cache
CVSS Score
5.0
4.3