|Max CVSS||7.5||Min CVSS||2.6||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory.
|03-10-2018 - 21:29||14-04-2005 - 04:00|
Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies.
|03-10-2018 - 21:29||08-03-2005 - 05:00|
The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems.
|03-05-2018 - 01:29||25-07-1999 - 04:00|
Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups.
|11-10-2017 - 01:30||11-05-2005 - 04:00|
Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator.
|11-10-2017 - 01:30||02-05-2005 - 04:00|