CVE-2007-1560 | Vulnerability Database | Aqua Security

The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error.

Affected Software

Name	Vendor	Start Version	End Version
Squid	Squid	2.6.stable1 (including)	2.6.stable1 (including)
Squid	Squid	2.6.stable2 (including)	2.6.stable2 (including)
Squid	Squid	2.6.stable3 (including)	2.6.stable3 (including)
Squid	Squid	2.6.stable4 (including)	2.6.stable4 (including)
Squid	Squid	2.6.stable5 (including)	2.6.stable5 (including)
Squid	Squid	2.6.stable6 (including)	2.6.stable6 (including)
Squid	Squid	2.6.stable7 (including)	2.6.stable7 (including)
Squid	Squid	2.6.stable8 (including)	2.6.stable8 (including)
Squid	Squid	2.6.stable9 (including)	2.6.stable9 (including)
Squid	Squid	2.6.stable10 (including)	2.6.stable10 (including)
Squid	Squid	2.6.stable11 (including)	2.6.stable11 (including)

References

http://secunia.com/advisories/24611
http://secunia.com/advisories/24614
http://secunia.com/advisories/24625
http://secunia.com/advisories/24662
http://secunia.com/advisories/24911
http://security.gentoo.org/glsa/glsa-200703-27.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:068
http://www.novell.com/linux/security/advisories/2007_5_sr.html
http://www.redhat.com/support/errata/RHSA-2007-0131.html
http://www.securityfocus.com/bid/23085
http://www.securitytracker.com/id?1017805
http://www.squid-cache.org/Advisories/SQUID-2007_1.txt
http://www.squid-cache.org/Versions/v2/2.6/changesets/11349.patch
http://www.ubuntu.com/usn/usn-441-1
http://www.vupen.com/english/advisories/2007/1035
https://exchange.xforce.ibmcloud.com/vulnerabilities/33124
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10291

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-1560
CWE	https://cwe.mitre.org/data/definitions/.html