CVE-2013-0189
Published: 16 January 2013
cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.
Notes
| Author | Note |
|---|---|
| seth-arnold | The webserver should be configured to restrict access to cachemgr.cgi; this script shouldn't be exposed to untrusted users |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
squid Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
| lucid |
Released
(2.7.STABLE7-1ubuntu12.6)
|
|
| oneiric |
Not vulnerable
(binary not built from this source)
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| upstream |
Ignored
(end of life)
|
|
| Binaries built from this source package are in Universe and so are supported by the community. | ||
|
squid3 Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
| lucid |
Ignored
(end of life)
|
|
| oneiric |
Released
(3.1.14-1ubuntu0.3)
|
|
| precise |
Released
(3.1.19-1ubuntu3.12.04.2)
|
|
| quantal |
Released
(3.1.20-1ubuntu1.1)
|
|
| raring |
Released
(3.1.20-1ubuntu2)
|
|
| upstream |
Released
(3.2.7)
|
|
|
Patches: upstream: http://www.squid-cache.org/Advisories/SQUID-2012_1.txt |
||
| Binaries built from this source package are in Universe and so are supported by the community. | ||