Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | squid | 2014-10-22 20:04 | ALAS-2014-433 |
Amazon Linux 1 | squid | 2014-06-15 16:22 | ALAS-2014-360 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 4.3 | AV:N/AC:M/Au:N/C:N/I:N/A:P |
NVD | CVSSv2 | 5.0 | AV:N/AC:L/Au:N/C:N/I:N/A:P |