|Max CVSS||7.5||Min CVSS||2.6||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory.
|03-10-2018 - 21:29||14-04-2005 - 04:00|
Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies.
|03-10-2018 - 21:29||08-03-2005 - 05:00|
Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator.
|11-10-2017 - 01:30||02-05-2005 - 04:00|