Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Squid Improper Input Validation Vulnerability - CVE-2016-2570 - Vulnerability Database
Squid

Squid Improper Input Validation Vulnerability - CVE-2016-2570

High
Reference: CVE-2016-2570
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2016-2570
Title: Squid Improper Input Validation Vulnerability
Overview:

The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document related to esi/CustomParser.cc and esi/CustomParser.h.