CVE-2013-0189

Description

cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.

How to fix CVE-2013-0189

To remediate CVE-2013-0189, upgrade the affected package to a fixed version below.

• Debian/squid—upgrade to 2.7.STABLE9-2 or later

Is CVE-2013-0189 being exploited?

Likely — EPSS is 69.7%, placing CVE-2013-0189 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.

Affected packages (1)

• from 0, < 2.7.STABLE9-2

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2013-0189