Back to bug 1312262
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Andrej Nemec | 2016-02-26 09:25:43 UTC | Summary | CVE-2016-2571 squid: wrong error handling for malformed HTTP responses | CVE-2016-2571 CVE-2016-2572 squid: wrong error handling for malformed HTTP responses |
| Alias | CVE-2016-2572 | |||
| Andrej Nemec | 2016-02-26 09:27:41 UTC | Blocks | 1312266 | |
| Andrej Nemec | 2016-02-26 09:29:13 UTC | Depends On | 1312267 | |
| Norman Sardella | 2016-02-29 14:16:13 UTC | CC | sardella | |
| Adam Mariš | 2016-03-22 07:38:16 UTC | CC | amaris | |
| Whiteboard | impact=moderate,public=20160224,reported=20160224,source=oss-security,cvss2=4.0/AV:N/AC:H/Au:N/C:N/I:P/A:P,cwe=CWE-228,fedora-all/squid=affected,rhel-5/squid=affected,rhel-7/squid=affected | impact=moderate,public=20160224,reported=20160224,source=oss-security,cvss2=4.0/AV:N/AC:H/Au:N/C:N/I:P/A:P,cwe=CWE-228,fedora-all/squid=affected,rhel-5/squid=new,rhel-6/squid=new,rhel-7/squid=new | ||
| Cedric Buissart | 2016-03-31 09:11:33 UTC | Whiteboard | impact=moderate,public=20160224,reported=20160224,source=oss-security,cvss2=4.0/AV:N/AC:H/Au:N/C:N/I:P/A:P,cwe=CWE-228,fedora-all/squid=affected,rhel-5/squid=new,rhel-6/squid=new,rhel-7/squid=new | impact=moderate,public=20160224,reported=20160224,source=oss-security,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-228,fedora-all/squid=affected,rhel-5/squid=new,rhel-6/squid=new,rhel-7/squid=new |
| Cedric Buissart | 2016-03-31 10:07:29 UTC | Whiteboard | impact=moderate,public=20160224,reported=20160224,source=oss-security,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-228,fedora-all/squid=affected,rhel-5/squid=new,rhel-6/squid=new,rhel-7/squid=new | impact=moderate,public=20160224,reported=20160224,source=oss-security,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-228,fedora-all/squid=affected,rhel-5/squid=affected,rhel-6/squid=affected,rhel-7/squid=affected |
| Cedric Buissart | 2016-03-31 10:11:16 UTC | Depends On | 1322770 | |
| Cedric Buissart | 2016-03-31 12:09:23 UTC | Whiteboard | impact=moderate,public=20160224,reported=20160224,source=oss-security,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-228,fedora-all/squid=affected,rhel-5/squid=affected,rhel-6/squid=affected,rhel-7/squid=affected | impact=moderate,public=20160224,reported=20160224,source=oss-security,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-228,fedora-all/squid=affected,rhel-5/squid=wontfix,rhel-6/squid=wontfix,rhel-7/squid=affected |
| Cedric Buissart | 2016-03-31 12:25:12 UTC | CC | cbuissar | |
| Cedric Buissart | 2016-04-26 13:26:43 UTC | Whiteboard | impact=moderate,public=20160224,reported=20160224,source=oss-security,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-228,fedora-all/squid=affected,rhel-5/squid=wontfix,rhel-6/squid=wontfix,rhel-7/squid=affected | impact=moderate,public=20160224,reported=20160224,source=oss-security,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-228,fedora-all/squid=affected,rhel-5/squid=wontfix,rhel-6/squid34=wontfix,rhel-6/squid=wontfix,rhel-7/squid=affected |
| Cedric Buissart | 2016-09-30 08:09:01 UTC | Doc Text | It was found that squid did not properly handle errors when failing to parse an HTTP response, possibly leading to an assertion failure. A malicious HTTP server could use this flaw to send a specially crafted HTTP response, crashing the squid server and causing a Denial of Service attack. | |
| Tomas Hoger | 2016-10-25 22:02:20 UTC | Doc Text | It was found that squid did not properly handle errors when failing to parse an HTTP response, possibly leading to an assertion failure. A malicious HTTP server could use this flaw to send a specially crafted HTTP response, crashing the squid server and causing a Denial of Service attack. | It was found that squid did not properly handle errors when failing to parse an HTTP response, possibly leading to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response. |
| Cedric Buissart | 2016-11-04 09:00:53 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2016-11-04 05:00:53 UTC | |||
| Adam Mariš | 2016-11-08 16:13:19 UTC | CC | amaris | |
| Yasuhiro Ozone | 2016-11-14 00:15:27 UTC | CC | yozone | |
| Product Security DevOps Team | 2019-09-29 13:45:06 UTC | Whiteboard | impact=moderate,public=20160224,reported=20160224,source=oss-security,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-228,fedora-all/squid=affected,rhel-5/squid=wontfix,rhel-6/squid34=wontfix,rhel-6/squid=wontfix,rhel-7/squid=affected |
Back to bug 1312262