Signature Detail

HTTP: Invalid Status Code

This signature detects attempts to exploit a known vulnerability against Web clients and proxies, including Squid Proxy. Attacker can achieve results ranging from denial of service to remote code execution.

Extended Description

Squid is prone to multiple remote denial-of-service vulnerabilities. Successfully exploiting these issues allow remote attackers to crash the affected application, denying further service to legitimate users. This issue affects Squid 3.0.STABLE16, 3.1.0.11 and prior versions.

Affected Products

• Debian linux 5.0
• Debian linux 5.0 Alpha
• Debian linux 5.0 Amd64
• Debian linux 5.0 Arm
• Debian linux 5.0 Armel
• Debian linux 5.0 Hppa
• Debian linux 5.0 Ia-32
• Debian linux 5.0 Ia-64
• Debian linux 5.0 M68k
• Debian linux 5.0 Mips
• Debian linux 5.0 Mipsel
• Debian linux 5.0 Powerpc
• Debian linux 5.0 S/390
• Debian linux 5.0 Sparc
• Gentoo linux
• Mandriva enterprise_server 5
• Mandriva enterprise_server 5 X86 64
• Mandriva linux_mandrake 2008.1
• Mandriva linux_mandrake 2008.1 X86 64
• Mandriva linux_mandrake 2009.0
• Mandriva linux_mandrake 2009.0 X86 64
• Mandriva linux_mandrake 2009.1
• Mandriva linux_mandrake 2009.1 X86 64
• Red_hat fedora 10
• Red_hat fedora 11
• Squid web_proxy_cache 3.0.0
• Squid web_proxy_cache 3.0.STABLE1
• Squid web_proxy_cache 3.0.STABLE12
• Squid web_proxy_cache 3.0.STABLE13
• Squid web_proxy_cache 3.0.STABLE16
• Squid web_proxy_cache 3.0.STABLE2
• Squid web_proxy_cache 3.0.STABLE3
• Squid web_proxy_cache 3.0.STABLE4
• Squid web_proxy_cache 3.0.STABLE5
• Squid web_proxy_cache 3.0.STABLE6
• Squid web_proxy_cache 3.0.STABLE7
• Squid web_proxy_cache 3.1
• Squid web_proxy_cache 3.1.0.11
• Squid web_proxy_cache 3.1.0.4
• Squid web_proxy_cache 3.1.0.5

References

• BugTraq: 35812
• CVE: CVE-2009-2622
• CVE: CVE-2009-2621
• URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5408.php
• URL: https://blogs.securiteam.com/index.php/archives/3094