PT-2007-7128 · Squid+1 · Squid+2

Publicado

2007-12-04

·

Atualizado

2017-09-29

·

CVE-2007-6239

CVSS v2.0

5.0

Média

VetorAV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions Squid versions 2.x through 2.6.STABLE16 Squid version 3.0
Description The issue is related to the "cache update reply processing" functionality, which allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects.
Recommendations For Squid versions 2.x through 2.6.STABLE16, update to version 2.6.STABLE17 or later. For Squid version 3.0, update to a version later than 3.0.

Exploit

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2007-6239
DSA-1482-1
DSA-1646-2
RHSA-2007:1130
RHSA-2007_1130

Produtos afetados

Red Hat
Squid
Squid Cache