CVE-2018-1000027
CVE-2018-1000027
The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://github.com/squid-cache/squid/pull/129/fileshttps://lists.debian.org/debian-lts-announce/2018/02/msg00001.htmlhttps://lists.debian.org/debian-lts-announce/2018/02/msg00002.htmlhttps://usn.ubuntu.com/3557-1/https://usn.ubuntu.com/4059-2/https://www.debian.org/security/2018/dsa-4122http://www.squid-cache.org/Advisories/SQUID-2018_2.txthttp://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patchhttp://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_2.patch