5
CVE-2007-6239
- EPSS 26.86%
- Veröffentlicht 04.12.2007 18:46:00
- Zuletzt bearbeitet 16.06.2026 22:47:40
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Squid ≫ Squid Web Proxy Cache Version2.0_patch2
Squid ≫ Squid Web Proxy Cache Version2.1_patch2
Squid ≫ Squid Web Proxy Cache Version2.3.stable4
Squid ≫ Squid Web Proxy Cache Version2.3.stable5
Squid ≫ Squid Web Proxy Cache Version2.4_stable2
Squid ≫ Squid Web Proxy Cache Version2.4_stable4
Squid ≫ Squid Web Proxy Cache Version2.4_stable6
Squid ≫ Squid Web Proxy Cache Version2.4_stable7
Squid ≫ Squid Web Proxy Cache Version2.5.stable11
Squid ≫ Squid Web Proxy Cache Version2.5.stable12
Squid ≫ Squid Web Proxy Cache Version2.5.stable13
Squid ≫ Squid Web Proxy Cache Version2.5.stable14
Squid ≫ Squid Web Proxy Cache Version2.5_.stable9
Squid ≫ Squid Web Proxy Cache Version2.5_stable1
Squid ≫ Squid Web Proxy Cache Version2.5_stable3
Squid ≫ Squid Web Proxy Cache Version2.5_stable4
Squid ≫ Squid Web Proxy Cache Version2.5_stable5
Squid ≫ Squid Web Proxy Cache Version2.5_stable6
Squid ≫ Squid Web Proxy Cache Version2.5_stable7
Squid ≫ Squid Web Proxy Cache Version2.5_stable8
Squid ≫ Squid Web Proxy Cache Version2.5_stable10
Squid ≫ Squid Web Proxy Cache Version2.6
Squid ≫ Squid Web Proxy Cache Version2.6.stable1
Squid ≫ Squid Web Proxy Cache Version2.6.stable2
Squid ≫ Squid Web Proxy Cache Version2.6.stable3
Squid ≫ Squid Web Proxy Cache Version2.6.stable4
Squid ≫ Squid Web Proxy Cache Version2.6.stable5
Squid ≫ Squid Web Proxy Cache Version2.6.stable6
Squid ≫ Squid Web Proxy Cache Version2.6.stable7
Squid ≫ Squid Web Proxy Cache Version2.6.stable12
Squid ≫ Squid Web Proxy Cache Version2.6.stable13
Squid ≫ Squid Web Proxy Cache Version2.6.stable14
Squid ≫ Squid Web Proxy Cache Version2.6.stable15
Squid ≫ Squid Web Proxy Cache Version2.6.stable16
Squid ≫ Squid Web Proxy Cache Version3.0
Squid ≫ Squid Web Proxy Cache Version3.0_pre1
Squid ≫ Squid Web Proxy Cache Version3.0_pre2
Squid ≫ Squid Web Proxy Cache Version3.0_pre3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 26.86% | 0.978 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
http://secunia.com/advisories/28412
http://bugs.gentoo.org/show_bug.cgi?id=201209
http://secunia.com/advisories/27910
http://secunia.com/advisories/28091
http://secunia.com/advisories/28109
http://secunia.com/advisories/28350
http://secunia.com/advisories/28381
http://secunia.com/advisories/28403
http://secunia.com/advisories/28814
http://secunia.com/advisories/34467
http://security.gentoo.org/glsa/glsa-200801-05.xml
http://security.gentoo.org/glsa/glsa-200903-38.xml
http://www.debian.org/security/2008/dsa-1482
http://www.kb.cert.org/vuls/id/232881
http://www.mandriva.com/security/advisories?name=MDVSA-2008:002
http://www.redhat.com/support/errata/RHSA-2007-1130.html
http://www.securityfocus.com/bid/26687
http://www.securitytracker.com/id?1019036
http://www.squid-cache.org/Advisories/SQUID-2007_2.txt
http://www.squid-cache.org/Versions/v2/2.6/changesets/11780.patch
http://www.ubuntu.com/usn/usn-565-1
http://www.vupen.com/english/advisories/2007/4066
https://bugzilla.redhat.com/show_bug.cgi?id=410181
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10915
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00497.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00507.html