CVE-2007-6239
NONE EPSS 97.8%
Published Dec 4, 2007 (18y ago) · Modified Jun 16, 2026 (2w ago)
Description
The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects.
Threat Intelligence
EPSS Exploit Probability
97.8% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-20 Improper Input Validation
Affected Products 38
| Vendor | Product | Version | Range |
|---|---|---|---|
| squid | squid_web_proxy_cache | 2.0_patch2 | any |
| squid | squid_web_proxy_cache | 2.1_patch2 | any |
| squid | squid_web_proxy_cache | 2.3.stable4 | any |
| squid | squid_web_proxy_cache | 2.3.stable5 | any |
| squid | squid_web_proxy_cache | 2.4_stable2 | any |
| squid | squid_web_proxy_cache | 2.4_stable4 | any |
| squid | squid_web_proxy_cache | 2.4_stable6 | any |
| squid | squid_web_proxy_cache | 2.4_stable7 | any |
| squid | squid_web_proxy_cache | 2.5.stable11 | any |
| squid | squid_web_proxy_cache | 2.5.stable12 | any |
| squid | squid_web_proxy_cache | 2.5.stable13 | any |
| squid | squid_web_proxy_cache | 2.5.stable14 | any |
| squid | squid_web_proxy_cache | 2.5_.stable9 | any |
| squid | squid_web_proxy_cache | 2.5_stable1 | any |
| squid | squid_web_proxy_cache | 2.5_stable3 | any |
| squid | squid_web_proxy_cache | 2.5_stable4 | any |
| squid | squid_web_proxy_cache | 2.5_stable5 | any |
| squid | squid_web_proxy_cache | 2.5_stable6 | any |
| squid | squid_web_proxy_cache | 2.5_stable7 | any |
| squid | squid_web_proxy_cache | 2.5_stable8 | any |
| squid | squid_web_proxy_cache | 2.5_stable10 | any |
| squid | squid_web_proxy_cache | 2.6 | any |
| squid | squid_web_proxy_cache | 2.6.stable1 | any |
| squid | squid_web_proxy_cache | 2.6.stable2 | any |
| squid | squid_web_proxy_cache | 2.6.stable3 | any |
| squid | squid_web_proxy_cache | 2.6.stable4 | any |
| squid | squid_web_proxy_cache | 2.6.stable5 | any |
| squid | squid_web_proxy_cache | 2.6.stable6 | any |
| squid | squid_web_proxy_cache | 2.6.stable7 | any |
| squid | squid_web_proxy_cache | 2.6.stable12 | any |
| squid | squid_web_proxy_cache | 2.6.stable13 | any |
| squid | squid_web_proxy_cache | 2.6.stable14 | any |
| squid | squid_web_proxy_cache | 2.6.stable15 | any |
| squid | squid_web_proxy_cache | 2.6.stable16 | any |
| squid | squid_web_proxy_cache | 3.0 | any |
| squid | squid_web_proxy_cache | 3.0_pre1 | any |
| squid | squid_web_proxy_cache | 3.0_pre2 | any |
| squid | squid_web_proxy_cache | 3.0_pre3 | any |
References 27
- bugs.gentoo.org http://bugs.gentoo.org/show_bug.cgi?id=201209
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
- secunia.com http://secunia.com/advisories/27910
- secunia.com http://secunia.com/advisories/28091
- secunia.com http://secunia.com/advisories/28109
- secunia.com http://secunia.com/advisories/28350
- secunia.com http://secunia.com/advisories/28381
- secunia.com http://secunia.com/advisories/28403
- secunia.com http://secunia.com/advisories/28412
- secunia.com http://secunia.com/advisories/28814
- secunia.com http://secunia.com/advisories/34467
- security.gentoo.org http://security.gentoo.org/glsa/glsa-200801-05.xml
- security.gentoo.org http://security.gentoo.org/glsa/glsa-200903-38.xml
- debian.org http://www.debian.org/security/2008/dsa-1482
- kb.cert.org http://www.kb.cert.org/vuls/id/232881
- mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2008:002
- redhat.com http://www.redhat.com/support/errata/RHSA-2007-1130.html
- securityfocus.com http://www.securityfocus.com/bid/26687
- securitytracker.com http://www.securitytracker.com/id?1019036
- squid-cache.org http://www.squid-cache.org/Advisories/SQUID-2007_2.txt
- squid-cache.org http://www.squid-cache.org/Versions/v2/2.6/changesets/11780.patch
- ubuntu.com http://www.ubuntu.com/usn/usn-565-1
- vupen.com http://www.vupen.com/english/advisories/2007/4066
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=410181
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10915
- redhat.com https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00497.html
- redhat.com https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00507.html
Remediation
- secunia.com http://secunia.com/advisories/27910
- debian.org http://www.debian.org/security/2008/dsa-1482
- redhat.com http://www.redhat.com/support/errata/RHSA-2007-1130.html
- securityfocus.com http://www.securityfocus.com/bid/26687
- squid-cache.org http://www.squid-cache.org/Advisories/SQUID-2007_2.txt