CVE-2021-28652

Source
Severity Medium
Remote Yes
Type Denial of service
Description
Due to an incorrect parser validation bug, Squid before version 4.15 is vulnerable to a denial of service attack against the Cache Manager API.
Group     Package  Affected  Fixed   Severity  Status  Ticket
AVG-1949  squid    4.14-1    4.15-1  High      Fixed

Date         Advisory      Group     Package  Severity  Type
19 May 2021  ASA-202105-10 AVG-1949  squid    High      denial of service
References
https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447
http://www.squid-cache.org/Versions/v4/changesets/squid-4-0003e3518dc95e4b5ab46b5140af79b22253048e.patch
Notes
Workaround
==========

To mitigate this issue,

- either disable Cache Manager access entirely if not needed, by placing the following line in squid.conf before lines containing "allow":

http_access deny manager

- or harden Cache Manager access privileges, for example: require authentication or other access controls in http_access beyond the default IP address restriction.
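
To verify the first workaround on a host, the check below is an added example (not part of the advisory or the Squid project). It confirms that an unconditional `http_access deny manager` precedes every `allow` rule. It assumes the Cache Manager ACL is named `manager` as in the line above, uses constructed sample configurations, and does not follow `include` directives.

```python
# Constructed sample configurations (not taken from a real deployment).
DEFAULT_STYLE = """\
acl localnet src 10.0.0.0/8
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access deny all
"""

WORKAROUND = """\
acl localnet src 10.0.0.0/8
# Cache Manager disabled per the advisory workaround
http_access deny manager
http_access allow localnet
http_access deny all
"""


def http_access_rules(conf_text):
    """Yield (line_no, action, acl_names) for each http_access line, in file order."""
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        tokens = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(tokens) >= 3 and tokens[0] == "http_access" and tokens[1] in ("allow", "deny"):
            yield line_no, tokens[1], tokens[2:]


def check_manager_workaround(conf_text):
    """Return (ok, reason); ok is True only when an unconditional
    'http_access deny manager' precedes every 'allow' rule."""
    for line_no, action, acls in http_access_rules(conf_text):
        if action == "allow":
            # Rules are evaluated top to bottom, so an earlier allow can still
            # admit Cache Manager requests before the deny is reached.
            return False, f"line {line_no}: 'allow' rule precedes 'http_access deny manager'"
        if acls == ["manager"]:
            return True, f"line {line_no}: Cache Manager denied before any allow rule"
    return False, "no 'http_access deny manager' rule found"


if __name__ == "__main__":
    for name, conf in (("default-style", DEFAULT_STYLE), ("workaround", WORKAROUND)):
        ok, reason = check_manager_workaround(conf)
        print(f"{name}: {'OK' if ok else 'NOT MITIGATED'} ({reason})")
```

Earlier `deny` rules that use other ACLs are skipped, since they cannot grant Cache Manager access.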