Short Name | HTTP:PROXY:SQUID-ESI-BO |
---|---|
Severity | Major |
Recommended | Yes |
Recommended Action | Drop |
Category | HTTP |
Keywords | Squid Proxy ESI Component Stack Buffer Overflow |
Release Date | 2016/05/19 |
Update Number | 2725 |
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

A stack-based buffer overflow vulnerability has been reported in the Edge Side Includes (ESI) component of the Squid proxy. Successful exploitation allows an attacker to execute arbitrary code on the target in the context of the service.

Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.