Vulnerability Details : CVE-2010-0639
The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.
Vulnerability category: Memory Corruption, Denial of service
Products affected by CVE-2010-0639
- cpe:2.3:a:squid-cache:squid:2.7:stable4:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:2.7:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:2.7:stable3:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:*
Threat overview for CVE-2010-0639
Top open port discovered on systems with this issue: 3128
IPs affected by CVE-2010-0639: 96
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2010-0639
EPSS score: 94.29% (probability of exploitation activity in the next 30 days)
Percentile: ~99% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2010-0639
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
Vendor statements for CVE-2010-0639
- Red Hat 2010-02-16: Not vulnerable. This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 3, 4, or 5. Those versions are not compiled with the support for HTCP protocol.
References for CVE-2010-0639
- http://www.securitytracker.com/id?1023587
  Squid HTCP Packet Processing NULL Pointer Dereference Lets Remote Users Deny Service - SecurityTracker
- http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch
  Patch
- http://www.squid-cache.org/Advisories/SQUID-2010_2.txt
  Vendor Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037159.html
  [SECURITY] Fedora 11 Update: squid-3.0.STABLE24-1.fc11
- http://www.vupen.com/english/advisories/2010/0603
  Webmail | OVH - OVH (Vendor Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035961.html
  [SECURITY] Fedora 12 Update: squid-3.1.0.16-6.fc12
- http://bugs.squid-cache.org/show_bug.cgi?id=2858
  Bug 2858 – Segment violation in HTCP
- http://www.securityfocus.com/bid/38212
  Squid Web Proxy Cache HTCP Request Processing Remote Denial of Service Vulnerability
- http://www.vupen.com/english/advisories/2010/0371
  Webmail | OVH - OVH (Vendor Advisory)
- http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch
  Patch