| Severity |
|
| Remote |
|
| Type |
| - |
Unknown |
| + |
Denial of service |
|
| Description |
| + |
Due to an incorrect parser validation bug Squid before version 4.15 is vulnerable to a denial of Service attack against the Cache Manager API. |
|
| References |
| + |
https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447 |
| + |
http://www.squid-cache.org/Versions/v4/changesets/squid-4-0003e3518dc95e4b5ab46b5140af79b22253048e.patch |
|
| Notes |
| + |
Workaround |
| + |
========== |
| + |
|
| + |
To mitigate this issue, |
| + |
|
| + |
- either disable Cache Manager access entirely if not needed, by placing the following line in squid.conf before lines containing |
| + |
"allow": |
| + |
|
| + |
http_access deny manager |
| + |
|
| + |
- or harden Cache Manager access privileges, for example: require authentication or other access controls in http_access beyond the default IP address restriction. |
|