Denial of Service Vulnerability in Squid Caching Proxy by Squid Software
CVE-2021-28662

6.5MEDIUM

Key Information:

Vendor: Squid-cache
Status: Squid
Vendor: CVE Published:; 27 May 2021

🔔 Create Squid-cache Vulnerability Alert

What is CVE-2021-28662?

An identified issue in Squid versions prior to 4.15 and 5.0.6 allows a remote server to send a specially crafted response header over HTTP or HTTPS, which can lead to a denial of service condition. This vulnerability can be triggered by common benign network traffic, making it crucial for network administrators to remain vigilant and consider updating to the latest versions to safeguard against potential disruptions.

References

https://github.com/squid-cache/squid/security/advisories/...

https://github.com/squid-cache/squid/commit/051824924c709...

http://www.squid-cache.org/Versions/v6/changesets/squid-6...

EPSS Score

13% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2021
Vulnerability Reserved
Mar 18, 2021