Description
squid_redirect script in adzapper before 2006-01-29 allows remote attackers to cause a denial of service (CPU consumption) via a URL with a large number of trailing / (forward slashes), which might produce inefficient regular expressions.
Affected products
- cameron_simpson / adzapper2006-01-01 – 2006-01-01
- cameron_simpson / adzapper2006-01-05 – 2006-01-05
- cameron_simpson / adzapper2006-01-07 – 2006-01-07
- cameron_simpson / adzapper2006-01-14 – 2006-01-14
- cameron_simpson / adzapper2006-01-15 – 2006-01-15
- cameron_simpson / adzapper2006-01-23 – 2006-01-23
- cameron_simpson / adzapper2006-01-24 – 2006-01-24
- cameron_simpson / adzapper2006-01-25 – 2006-01-25
- cameron_simpson / adzapper2006-01-28 – 2006-01-28
- cameron_simpson / adzapper2006-01-29 – 2006-01-29
References
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/0491
- VENDOR_ADVISORYhttp://secunia.com/advisories/18771
- MISChttp://adzapper.sourceforge.net/cvslog.html
- VENDOR_ADVISORYhttp://secunia.com/advisories/18777
- MISChttp://www.securityfocus.com/bid/16558
- VENDOR_ADVISORYhttp://www.debian.org/security/2006/dsa-966
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/24640
- VENDOR_ADVISORYhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=350308
- VENDOR_ADVISORYhttp://bugs.debian.org/cgi-bin/bugreport.cgi/squid_redirect.diff?bug=350308%3Bmsg=5%3Batt=1
- MISChttp://www.osvdb.org/22900