CVE-2013-1839
Published: 30 September 2013
The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a "," character in an Accept-Language header.
Notes
Author | Note |
---|---|
mdeslaur | Doesn't affect 3.1.x, was introduced in 3.2.0.9 |