Total vulnerabilities in the database
Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives.
| Software | From | Fixed in |
|---|---|---|
| squid-cache / squid | 2.6 | 2.6.x |
| squid-cache / squid | 2.7-stable3 | 2.7-stable3.x |
| squid-cache / squid | 2.7-stable4 | 2.7-stable4.x |
| squid-cache / squid | 2.7-stable2 | 2.7-stable2.x |
| squid-cache / squid | 2.7-stable5 | 2.7-stable5.x |
| squid-cache / squid | 2.7-stable6 | 2.7-stable6.x |
| squid-cache / squid | 2.7-stable7 | 2.7-stable7.x |
| squid-cache / squid | 2.7-stable8 | 2.7-stable8.x |
| squid-cache / squid | 2.7-stable9 | 2.7-stable9.x |
| squid-cache / squid | 2.7 | 2.7.x |
| squid-cache / squid | 2.7-stable1 | 2.7-stable1.x |
| squid-cache / squid | 3.1 | 5.9.x |
| squid-cache / squid | 6.0.1 | 6.5.x |