Vulnerabilities

CVE-2012-3501

by Fred · 25/08/2012

The squidclamav_check_preview_handler function in squidclamav.c in SquidClamav 5.x before 5.8 and 6.x before 6.7 passes an unescaped URL to a system command call, which allows remote attackers to cause a denial of service (daemon crash) via a URL with certain characters, as demonstrated using %0D or %0A.

Date published : 2012-08-25

http://www.securityfocus.com/bid/54663

http://freecode.com/projects/squidclamav/releases/346722

Similar

Tags: Cybersecurity Alert