5

CVE-2007-6239

Exploit
The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SquidSquid Web Proxy Cache Version2.0_patch2
SquidSquid Web Proxy Cache Version2.1_patch2
SquidSquid Web Proxy Cache Version2.3.stable4
SquidSquid Web Proxy Cache Version2.3.stable5
SquidSquid Web Proxy Cache Version2.4_stable2
SquidSquid Web Proxy Cache Version2.4_stable4
SquidSquid Web Proxy Cache Version2.4_stable6
SquidSquid Web Proxy Cache Version2.4_stable7
SquidSquid Web Proxy Cache Version2.5.stable11
SquidSquid Web Proxy Cache Version2.5.stable12
SquidSquid Web Proxy Cache Version2.5.stable13
SquidSquid Web Proxy Cache Version2.5.stable14
SquidSquid Web Proxy Cache Version2.5_.stable9
SquidSquid Web Proxy Cache Version2.5_stable1
SquidSquid Web Proxy Cache Version2.5_stable3
SquidSquid Web Proxy Cache Version2.5_stable4
SquidSquid Web Proxy Cache Version2.5_stable5
SquidSquid Web Proxy Cache Version2.5_stable6
SquidSquid Web Proxy Cache Version2.5_stable7
SquidSquid Web Proxy Cache Version2.5_stable8
SquidSquid Web Proxy Cache Version2.5_stable10
SquidSquid Web Proxy Cache Version2.6
SquidSquid Web Proxy Cache Version2.6.stable1
SquidSquid Web Proxy Cache Version2.6.stable2
SquidSquid Web Proxy Cache Version2.6.stable3
SquidSquid Web Proxy Cache Version2.6.stable4
SquidSquid Web Proxy Cache Version2.6.stable5
SquidSquid Web Proxy Cache Version2.6.stable6
SquidSquid Web Proxy Cache Version2.6.stable7
SquidSquid Web Proxy Cache Version2.6.stable12
SquidSquid Web Proxy Cache Version2.6.stable13
SquidSquid Web Proxy Cache Version2.6.stable14
SquidSquid Web Proxy Cache Version2.6.stable15
SquidSquid Web Proxy Cache Version2.6.stable16
SquidSquid Web Proxy Cache Version3.0
SquidSquid Web Proxy Cache Version3.0_pre1
SquidSquid Web Proxy Cache Version3.0_pre2
SquidSquid Web Proxy Cache Version3.0_pre3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 26.86% 0.978
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
http://secunia.com/advisories/28412
Vendor Advisory
http://bugs.gentoo.org/show_bug.cgi?id=201209
http://secunia.com/advisories/27910
Patch
Vendor Advisory
http://secunia.com/advisories/28091
Vendor Advisory
http://secunia.com/advisories/28109
Vendor Advisory
http://secunia.com/advisories/28350
Vendor Advisory
http://secunia.com/advisories/28381
Vendor Advisory
http://secunia.com/advisories/28403
Vendor Advisory
http://secunia.com/advisories/28814
Vendor Advisory
http://secunia.com/advisories/34467
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200801-05.xml
http://security.gentoo.org/glsa/glsa-200903-38.xml
http://www.debian.org/security/2008/dsa-1482
Patch
http://www.kb.cert.org/vuls/id/232881
US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2008:002
http://www.redhat.com/support/errata/RHSA-2007-1130.html
Patch
http://www.securityfocus.com/bid/26687
Patch
http://www.securitytracker.com/id?1019036
http://www.squid-cache.org/Advisories/SQUID-2007_2.txt
Patch
Vendor Advisory
http://www.squid-cache.org/Versions/v2/2.6/changesets/11780.patch
Vendor Advisory
Exploit
http://www.ubuntu.com/usn/usn-565-1
http://www.vupen.com/english/advisories/2007/4066
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=410181
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10915
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00497.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00507.html