CVE-2021-28652

- Severity: Medium
- Remote: Yes
- Type: Denial of service

Due to an incorrect parser validation bug, Squid before version 4.15 is vulnerable to a denial of service attack against the Cache Manager API.

| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1949 | squid | 4.14-1 | 4.15-1 | High | Fixed | |

| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 19 May 2021 | ASA-202105-10 | AVG-1949 | squid | High | denial of service |

To mitigate this issue,

- either disable Cache Manager access entirely if not needed, by placing the following line in squid.conf before lines containing

http_access deny manager

- or harden Cache Manager access privileges, for example: require authentication or other access controls in http_access beyond the default IP address restriction.
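
Both mitigations depend on rule order, because Squid evaluates `http_access` lines top to bottom and the first matching line decides. The following audit script is an added example, not code from the advisory or the Squid project; it reports which `allow` rules a Cache Manager request can hit before an unconditional deny. The function names, status labels and sample configurations are assumptions made for illustration, and `include` directives are not followed.

```python
# Added example: audit http_access rule order for Cache Manager exposure.
AUTH_ACL_TYPES = {"proxy_auth", "proxy_auth_regex"}

def parse(conf_text):
    """Collect ACL types and the ordered http_access rules from squid.conf text."""
    acl_types, rules = {}, []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        if parts[0] == "acl" and len(parts) >= 3:
            acl_types[parts[1]] = parts[2]  # ACL name -> ACL type
        elif parts[0] == "http_access" and len(parts) >= 3 and parts[1] in ("allow", "deny"):
            rules.append((lineno, parts[1], parts[2:]))
    return acl_types, rules

def audit_manager_access(conf_text):
    """Return (status, reaching): the allow rules a Cache Manager request can hit."""
    acl_types, rules = parse(conf_text)
    reaching = []
    for lineno, action, acls in rules:
        if action == "deny" and acls in (["manager"], ["all"]):
            # Unconditional deny: no rule below this line can admit manager requests.
            return ("disabled" if not reaching else "reachable"), reaching
        if action == "allow" and "!manager" not in acls:
            # ACLs on one line are ANDed, so an allow rule without !manager
            # also matches Cache Manager URLs from clients it covers.
            authed = any(acl_types.get(a) in AUTH_ACL_TYPES for a in acls)
            reaching.append((lineno, "authenticated" if authed else "no-auth"))
    return "no-deny-rule", reaching

# Constructed sample configurations (not taken from any real deployment).
IP_ONLY = """\
acl localnet src 10.0.0.0/8
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access deny all
"""
# First mitigation: no allow rule ahead of the manager deny.
DISABLED = IP_ONLY.replace("http_access allow localhost manager\n", "")

if __name__ == "__main__":
    for name, conf in (("IP_ONLY", IP_ONLY), ("DISABLED", DISABLED)):
        print(name, audit_manager_access(conf))
```

A `reachable` result whose entries are all `no-auth` corresponds to the IP-address-only restriction that the second mitigation asks to strengthen.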