Signature Detail

HTTP: Invalid Status Code

This signature detects attempts to exploit a known vulnerability against Web clients and proxies, including Squid Proxy. Attacker can achieve results ranging from denial of service to remote code execution.

Extended Description

Squid is prone to multiple remote denial-of-service vulnerabilities. Successfully exploiting these issues allow remote attackers to crash the affected application, denying further service to legitimate users. This issue affects Squid 3.0.STABLE16, 3.1.0.11 and prior versions.

Affected Products

• Debian Linux 5.0
• Debian Linux 5.0 Alpha
• Debian Linux 5.0 Amd64
• Debian Linux 5.0 Arm
• Debian Linux 5.0 Armel
• Debian Linux 5.0 Hppa
• Debian Linux 5.0 Ia-32
• Debian Linux 5.0 Ia-64
• Debian Linux 5.0 M68k
• Debian Linux 5.0 Mips
• Debian Linux 5.0 Mipsel
• Debian Linux 5.0 Powerpc
• Debian Linux 5.0 S/390
• Debian Linux 5.0 Sparc
• Gentoo Linux
• Mandriva Enterprise Server 5
• Mandriva Enterprise Server 5 X86 64
• Mandriva Linux Mandrake 2008.1
• Mandriva Linux Mandrake 2008.1 X86 64
• Mandriva Linux Mandrake 2009.0
• Mandriva Linux Mandrake 2009.0 X86 64
• Mandriva Linux Mandrake 2009.1
• Mandriva Linux Mandrake 2009.1 X86 64
• Red Hat Fedora 10
• Red Hat Fedora 11
• Squid Web Proxy Cache 3.0.0
• Squid Web Proxy Cache 3.0.STABLE1
• Squid Web Proxy Cache 3.0.STABLE12
• Squid Web Proxy Cache 3.0.STABLE13
• Squid Web Proxy Cache 3.0.STABLE16
• Squid Web Proxy Cache 3.0.STABLE2
• Squid Web Proxy Cache 3.0.STABLE3
• Squid Web Proxy Cache 3.0.STABLE4
• Squid Web Proxy Cache 3.0.STABLE5
• Squid Web Proxy Cache 3.0.STABLE6
• Squid Web Proxy Cache 3.0.STABLE7
• Squid Web Proxy Cache 3.1
• Squid Web Proxy Cache 3.1.0.11
• Squid Web Proxy Cache 3.1.0.4
• Squid Web Proxy Cache 3.1.0.5

References

• BugTraq: 35812
• CVE: CVE-2009-2622
• CVE: CVE-2009-2621