CVE-2007-1560
Severity: Unknown | EPSS: 27.45%
CVE-2007-1560 is a vulnerability of currently unknown severity. The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error. EPSS estimates a 27.45% chance of exploitation in the next 30 days.
Description
The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Squid | Squid | 2.6.stable1 |
| Squid | Squid | 2.6.stable2 |
| Squid | Squid | 2.6.stable3 |
| Squid | Squid | 2.6.stable4 |
| Squid | Squid | 2.6.stable5 |
| Squid | Squid | 2.6.stable6 |
| Squid | Squid | 2.6.stable7 |
| Squid | Squid | 2.6.stable8 |
| Squid | Squid | 2.6.stable9 |
| Squid | Squid | 2.6.stable10 |
| Squid | Squid | 2.6.stable11 |
References
- http://secunia.com/advisories/24611 (Patch, Vendor Advisory)
- http://secunia.com/advisories/24614 (Vendor Advisory)
- http://secunia.com/advisories/24625 (Vendor Advisory)
- http://secunia.com/advisories/24662 (Vendor Advisory)
- http://secunia.com/advisories/24911 (Vendor Advisory)
- http://www.squid-cache.org/Advisories/SQUID-2007_1.txt (Patch, Vendor Advisory)
- http://www.vupen.com/english/advisories/2007/1035 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2007-1560?
The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error.
How severe is CVE-2007-1560?
Severity scoring for CVE-2007-1560 is pending analysis. The EPSS model estimates a 27.45% probability of exploitation in the next 30 days.
How do I fix CVE-2007-1560?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2007-1560?
Run a free Strix scan to check your systems for this vulnerability.
Source: NVD / NIST
