CVE-2007-6239

NONE EPSS 97.8%
Published Dec 4, 2007 (18y ago) · Modified Jun 16, 2026 (2w ago)

Description

The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects.

Threat Intelligence

EPSS Exploit Probability: 97.8% percentile
Exploit & Patch Status: Public Exploit Known; Patch Available

Weaknesses 1

CWE-20 Improper Input Validation

Affected Products 38

Vendor  Product                Version         Range
squid   squid_web_proxy_cache  2.0_patch2      any
squid   squid_web_proxy_cache  2.1_patch2      any
squid   squid_web_proxy_cache  2.3.stable4     any
squid   squid_web_proxy_cache  2.3.stable5     any
squid   squid_web_proxy_cache  2.4_stable2     any
squid   squid_web_proxy_cache  2.4_stable4     any
squid   squid_web_proxy_cache  2.4_stable6     any
squid   squid_web_proxy_cache  2.4_stable7     any
squid   squid_web_proxy_cache  2.5.stable11    any
squid   squid_web_proxy_cache  2.5.stable12    any
squid   squid_web_proxy_cache  2.5.stable13    any
squid   squid_web_proxy_cache  2.5.stable14    any
squid   squid_web_proxy_cache  2.5_.stable9    any
squid   squid_web_proxy_cache  2.5_stable1     any
squid   squid_web_proxy_cache  2.5_stable3     any
squid   squid_web_proxy_cache  2.5_stable4     any
squid   squid_web_proxy_cache  2.5_stable5     any
squid   squid_web_proxy_cache  2.5_stable6     any
squid   squid_web_proxy_cache  2.5_stable7     any
squid   squid_web_proxy_cache  2.5_stable8     any
squid   squid_web_proxy_cache  2.5_stable10    any
squid   squid_web_proxy_cache  2.6             any
squid   squid_web_proxy_cache  2.6.stable1     any
squid   squid_web_proxy_cache  2.6.stable2     any
squid   squid_web_proxy_cache  2.6.stable3     any
squid   squid_web_proxy_cache  2.6.stable4     any
squid   squid_web_proxy_cache  2.6.stable5     any
squid   squid_web_proxy_cache  2.6.stable6     any
squid   squid_web_proxy_cache  2.6.stable7     any
squid   squid_web_proxy_cache  2.6.stable12    any
squid   squid_web_proxy_cache  2.6.stable13    any
squid   squid_web_proxy_cache  2.6.stable14    any
squid   squid_web_proxy_cache  2.6.stable15    any
squid   squid_web_proxy_cache  2.6.stable16    any
squid   squid_web_proxy_cache  3.0             any
squid   squid_web_proxy_cache  3.0_pre1        any
squid   squid_web_proxy_cache  3.0_pre2        any
squid   squid_web_proxy_cache  3.0_pre3        any

References 27

  • bugs.gentoo.org http://bugs.gentoo.org/show_bug.cgi?id=201209
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
  • secunia.com http://secunia.com/advisories/27910
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/28091
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/28109
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/28350
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/28381
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/28403
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/28412
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/28814
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/34467
    Vendor Advisory
  • security.gentoo.org http://security.gentoo.org/glsa/glsa-200801-05.xml
  • security.gentoo.org http://security.gentoo.org/glsa/glsa-200903-38.xml
  • debian.org http://www.debian.org/security/2008/dsa-1482
    Patch
  • kb.cert.org http://www.kb.cert.org/vuls/id/232881
    US Government Resource
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2008:002
  • redhat.com http://www.redhat.com/support/errata/RHSA-2007-1130.html
    Patch
  • securityfocus.com http://www.securityfocus.com/bid/26687
    Patch
  • securitytracker.com http://www.securitytracker.com/id?1019036
  • squid-cache.org http://www.squid-cache.org/Advisories/SQUID-2007_2.txt
    Patch, Vendor Advisory
  • squid-cache.org http://www.squid-cache.org/Versions/v2/2.6/changesets/11780.patch
    Exploit, Vendor Advisory
  • ubuntu.com http://www.ubuntu.com/usn/usn-565-1
  • vupen.com http://www.vupen.com/english/advisories/2007/4066
    Vendor Advisory
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=410181
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10915
  • redhat.com https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00497.html
  • redhat.com https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00507.html

Remediation

  • secunia.com http://secunia.com/advisories/27910
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2008/dsa-1482
    Patch
  • redhat.com http://www.redhat.com/support/errata/RHSA-2007-1130.html
    Patch
  • securityfocus.com http://www.securityfocus.com/bid/26687
    Patch
  • squid-cache.org http://www.squid-cache.org/Advisories/SQUID-2007_2.txt
    Patch, Vendor Advisory