CVE-2007-6239

Exploit

EPSS 14.35%
Published 04.12.2007 18:46:00
Last modified 09.04.2025 00:30:58
Source secalert@redhat.com
Teams watchlist Login
Open Login

The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects.

Affected products Warnungen 0 Metrics 2 CWE 1 References 30

Data is provided by the National Vulnerability Database (NVD)

Squid ≫ Squid Web Proxy Cache Version2.0_patch2

Squid ≫ Squid Web Proxy Cache Version2.1_patch2

Squid ≫ Squid Web Proxy Cache Version2.3.stable4

Squid ≫ Squid Web Proxy Cache Version2.3.stable5

Squid ≫ Squid Web Proxy Cache Version2.4_stable2

Squid ≫ Squid Web Proxy Cache Version2.4_stable4

Squid ≫ Squid Web Proxy Cache Version2.4_stable6

Squid ≫ Squid Web Proxy Cache Version2.4_stable7

Squid ≫ Squid Web Proxy Cache Version2.5.stable11

Squid ≫ Squid Web Proxy Cache Version2.5.stable12

Squid ≫ Squid Web Proxy Cache Version2.5.stable13

Squid ≫ Squid Web Proxy Cache Version2.5.stable14

Squid ≫ Squid Web Proxy Cache Version2.5_.stable9

Squid ≫ Squid Web Proxy Cache Version2.5_stable1

Squid ≫ Squid Web Proxy Cache Version2.5_stable3

Squid ≫ Squid Web Proxy Cache Version2.5_stable4

Squid ≫ Squid Web Proxy Cache Version2.5_stable5

Squid ≫ Squid Web Proxy Cache Version2.5_stable6

Squid ≫ Squid Web Proxy Cache Version2.5_stable7

Squid ≫ Squid Web Proxy Cache Version2.5_stable8

Squid ≫ Squid Web Proxy Cache Version2.5_stable10

Squid ≫ Squid Web Proxy Cache Version2.6

Squid ≫ Squid Web Proxy Cache Version2.6.stable1

Squid ≫ Squid Web Proxy Cache Version2.6.stable2

Squid ≫ Squid Web Proxy Cache Version2.6.stable3

Squid ≫ Squid Web Proxy Cache Version2.6.stable4

Squid ≫ Squid Web Proxy Cache Version2.6.stable5

Squid ≫ Squid Web Proxy Cache Version2.6.stable6

Squid ≫ Squid Web Proxy Cache Version2.6.stable7

Squid ≫ Squid Web Proxy Cache Version2.6.stable12

Squid ≫ Squid Web Proxy Cache Version2.6.stable13

Squid ≫ Squid Web Proxy Cache Version2.6.stable14

Squid ≫ Squid Web Proxy Cache Version2.6.stable15

Squid ≫ Squid Web Proxy Cache Version2.6.stable16

Squid ≫ Squid Web Proxy Cache Version3.0

Squid ≫ Squid Web Proxy Cache Version3.0_pre1

Squid ≫ Squid Web Proxy Cache Version3.0_pre2

Squid ≫ Squid Web Proxy Cache Version3.0_pre3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	14.35%	0.938

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html

http://secunia.com/advisories/28412

Vendor Advisory

http://bugs.gentoo.org/show_bug.cgi?id=201209

http://secunia.com/advisories/27910

Patch

Vendor Advisory

http://secunia.com/advisories/28091

Vendor Advisory

http://secunia.com/advisories/28109

Vendor Advisory

http://secunia.com/advisories/28350