Vulnerability in N/a
CVE-2007-1560
The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error.
EPSS: 0.706 (98.7th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
References
- GLSA-200703-27 (vendor-advisory, x_refsource_GENTOO)
- ADV-2007-1035 (vdb-entry, x_refsource_VUPEN)
- www.squid-cache.org/Versions/v2/2.6/changesets/11349.patch (x_refsource_CONFIRM)
- 24611 (x_refsource_SECUNIA, third-party-advisory)
- SUSE-SR:2007:005 (vendor-advisory, x_refsource_SUSE)
- 23085 (vdb-entry, x_refsource_BID)
- 24625 (x_refsource_SECUNIA, third-party-advisory)
- www.squid-cache.org/Advisories/SQUID-2007_1.txt (x_refsource_CONFIRM)
- oval:org.mitre.oval:def:10291 (signature, x_refsource_OVAL, vdb-entry)
- MDKSA-2007:068 (vendor-advisory, x_refsource_MANDRIVA)