Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:HEADER:SQUID-PROXY-AUTH |
|---|---|
Severity |
Major |
Recommended |
No |
Category |
HTTP |
Keywords |
Squid Proxy Authorization Denail Of Service |
Release Date |
2020/01/05 |
Update Number |
3241 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Squid Proxy Authorization Denail Of Service
This signature detects attempts to exploit a known vulnerability against Squid Proxy. A successful attack can lead to Denial of service.
Extended Description
An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1.
Affected Products
- Squid-cache squid 3.3.10
- Squid-cache squid 3.3.11
- Squid-cache squid 3.3.12
- Squid-cache squid 3.3.13
- Squid-cache squid 3.3.14
- Squid-cache squid 3.3.9
- Squid-cache squid 3.4.0.1
- Squid-cache squid 3.4.0.2
- Squid-cache squid 3.4.0.3
- Squid-cache squid 3.4.0.4
- Squid-cache squid 3.4.1
- Squid-cache squid 3.4.10
- Squid-cache squid 3.4.11
- Squid-cache squid 3.4.12
- Squid-cache squid 3.4.13
- Squid-cache squid 3.4.14
- Squid-cache squid 3.4.2
- Squid-cache squid 3.4.3
- Squid-cache squid 3.4.4
- Squid-cache squid 3.4.4.1
- Squid-cache squid 3.4.4.2
- Squid-cache squid 3.4.5
- Squid-cache squid 3.4.6
- Squid-cache squid 3.4.7
- Squid-cache squid 3.4.8
- Squid-cache squid 3.4.9
- Squid-cache squid 3.5.0.1
- Squid-cache squid 3.5.0.2
- Squid-cache squid 3.5.0.3
- Squid-cache squid 3.5.0.4
- Squid-cache squid 3.5.1
- Squid-cache squid 3.5.10
- Squid-cache squid 3.5.11
- Squid-cache squid 3.5.12
- Squid-cache squid 3.5.13
- Squid-cache squid 3.5.14
- Squid-cache squid 3.5.15
- Squid-cache squid 3.5.16
- Squid-cache squid 3.5.17
- Squid-cache squid 3.5.18
- Squid-cache squid 3.5.19
- Squid-cache squid 3.5.2
- Squid-cache squid 3.5.20
- Squid-cache squid 3.5.21
- Squid-cache squid 3.5.22
- Squid-cache squid 3.5.23
- Squid-cache squid 3.5.24
- Squid-cache squid 3.5.25
- Squid-cache squid 3.5.26
- Squid-cache squid 3.5.27
- Squid-cache squid 3.5.28
- Squid-cache squid 3.5.3
- Squid-cache squid 3.5.4
- Squid-cache squid 3.5.5
- Squid-cache squid 3.5.6
- Squid-cache squid 3.5.7
- Squid-cache squid 3.5.8
- Squid-cache squid 3.5.9
- Squid-cache squid 4.0
- Squid-cache squid 4.0.1
- Squid-cache squid 4.0.10
- Squid-cache squid 4.0.11
- Squid-cache squid 4.0.12
- Squid-cache squid 4.0.13
- Squid-cache squid 4.0.14
- Squid-cache squid 4.0.15
- Squid-cache squid 4.0.16
- Squid-cache squid 4.0.17
- Squid-cache squid 4.0.18
- Squid-cache squid 4.0.19
- Squid-cache squid 4.0.2
- Squid-cache squid 4.0.20
- Squid-cache squid 4.0.21
- Squid-cache squid 4.0.22
- Squid-cache squid 4.0.23
- Squid-cache squid 4.0.24
- Squid-cache squid 4.0.25
- Squid-cache squid 4.0.3
- Squid-cache squid 4.0.4
- Squid-cache squid 4.0.5
- Squid-cache squid 4.0.6
- Squid-cache squid 4.0.8
- Squid-cache squid 4.0.9
- Squid-cache squid 4.3
- Squid-cache squid 4.4
- Squid-cache squid 4.6
- Squid-cache squid 4.7
References
- CVE: CVE-2019-12525