CVE-2007-6239

squid: DoS in cache updates

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects.

La funcionalidad de "cache update reply processing" en Squid versiones 2.x anteriores a 2.6.STABLE17 y Squid versión 3.0, permite a atacantes remotos causar una denegación de servicio (bloqueo) por medio de vectores desconocidos relacionados con encabezados HTTP y una pérdida de memoria de Matriz durante las peticiones de objetos en caché.

*Credits: N/A

CVSS Scores

NISTv2 5.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-12-04 CVE Reserved
2007-12-04 CVE Published
2024-08-07 CVE Updated
2024-08-07 First Exploit
2024-10-07 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation

CAPEC

References (28)

URL	Tag	Source
http://bugs.gentoo.org/show_bug.cgi?id=201209	X_refsource_confirm
http://www.kb.cert.org/vuls/id/232881	Third Party Advisory
http://www.securitytracker.com/id?1019036	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10915	Signature

URL	Date	SRC
http://www.squid-cache.org/Versions/v2/2.6/changesets/11780.patch	2024-08-07

URL	Date	SRC
http://secunia.com/advisories/27910	2017-09-29
http://www.debian.org/security/2008/dsa-1482	2017-09-29
http://www.redhat.com/support/errata/RHSA-2007-1130.html	2017-09-29
http://www.securityfocus.com/bid/26687	2017-09-29
http://www.squid-cache.org/Advisories/SQUID-2007_2.txt	2017-09-29

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html	2017-09-29
http://secunia.com/advisories/28091	2017-09-29
http://secunia.com/advisories/28109	2017-09-29
http://secunia.com/advisories/28350	2017-09-29
http://secunia.com/advisories/28381	2017-09-29
http://secunia.com/advisories/28403	2017-09-29
http://secunia.com/advisories/28412	2017-09-29
http://secunia.com/advisories/28814	2017-09-29
http://secunia.com/advisories/34467	2017-09-29
http://security.gentoo.org/glsa/glsa-200801-05.xml	2017-09-29
http://security.gentoo.org/glsa/glsa-200903-38.xml	2017-09-29
http://www.mandriva.com/security/advisories?name=MDVSA-2008:002	2017-09-29
http://www.ubuntu.com/usn/usn-565-1	2017-09-29
http://www.vupen.com/english/advisories/2007/4066	2017-09-29
https://bugzilla.redhat.com/show_bug.cgi?id=410181	2007-12-18
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00497.html	2017-09-29
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00507.html	2017-09-29
https://access.redhat.com/security/cve/CVE-2007-6239	2007-12-18

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.0_patch2 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.0_patch2"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.1_patch2 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.1_patch2"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.3.stable4 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.3.stable4"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.3.stable5 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.3.stable5"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.4_stable2 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.4_stable2"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.4_stable4 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.4_stable4"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.4_stable6 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.4_stable6"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.4_stable7 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.4_stable7"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.5.stable11 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.5.stable11"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.5.stable12 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.5.stable12"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.5.stable13 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.5.stable13"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.5.stable14 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.5.stable14"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.5_.stable9 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.5_.stable9"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.5_stable1 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.5_stable1"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.5_stable3 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.5_stable3"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.5_stable4 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.5_stable4"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.5_stable5 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.5_stable5"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.5_stable6 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.5_stable6"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.5_stable7 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.5_stable7"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.5_stable8 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.5_stable8"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.5_stable10 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.5_stable10"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.6 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.6"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.6.stable1 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.6.stable1"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.6.stable2 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.6.stable2"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.6.stable3 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.6.stable3"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.6.stable4 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.6.stable4"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.6.stable5 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.6.stable5"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.6.stable6 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.6.stable6"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.6.stable7 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.6.stable7"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.6.stable12 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.6.stable12"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.6.stable13 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.6.stable13"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.6.stable14 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.6.stable14"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.6.stable15 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.6.stable15"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				2.6.stable16 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "2.6.stable16"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				3.0 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "3.0"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				3.0_pre1 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "3.0_pre1"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				3.0_pre2 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "3.0_pre2"		-		Affected
Squid Search vendor "Squid"		Squid Web Proxy Cache Search vendor "Squid" for product "Squid Web Proxy Cache"				3.0_pre3 Search vendor "Squid" for product "Squid Web Proxy Cache" and version "3.0_pre3"		-		Affected