Vulnerability Name: CVE-2007-6239 (CCN-38837)

Assigned: 2007-12-04
Published: 2007-12-04
Updated: 2017-09-29
Summary: The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-20
Vulnerability Consequences: Denial of Service
References:
Source: CONFIRM
Type: UNKNOWN
http://bugs.gentoo.org/show_bug.cgi?id=201209

Source: MITRE
Type: CNA
CVE-2007-6239

Source: SUSE
Type: UNKNOWN
SUSE-SR:2008:001

Source: CCN
Type: RHSA-2007-1130
Moderate: squid security update

Source: CCN
Type: SA27910
Squid Cache Update Denial of Service Vulnerability

Source: SECUNIA
Type: Patch, Vendor Advisory
27910

Source: SECUNIA
Type: Vendor Advisory
28091

Source: SECUNIA
Type: Vendor Advisory
28109

Source: SECUNIA
Type: Vendor Advisory
28350

Source: SECUNIA
Type: Vendor Advisory
28381

Source: SECUNIA
Type: Vendor Advisory
28403

Source: SECUNIA
Type: Vendor Advisory
28412

Source: SECUNIA
Type: Vendor Advisory
28814

Source: SECUNIA
Type: Vendor Advisory
34467

Source: GENTOO
Type: UNKNOWN
GLSA-200801-05

Source: GENTOO
Type: UNKNOWN
GLSA-200903-38

Source: CCN
Type: SECTRACK ID: 1019036
Squid Cache Update Reply Processing Bug Lets Remote Users Deny Service

Source: CCN
Type: ASA-2007-532
squid security update (RHSA-2007-1130)

Source: DEBIAN
Type: Patch
DSA-1482

Source: DEBIAN
Type: DSA-1482
squid -- programming error

Source: DEBIAN
Type: DSA-1646
squid -- array bounds check

Source: CCN
Type: GLSA-200801-05
Squid: Denial of Service

Source: CCN
Type: GLSA-200903-38
Squid: Multiple Denial of Service vulnerabilities

Source: CCN
Type: US-CERT VU#232881
Squid remote denial-of-service vulnerability

Source: CERT-VN
Type: US Government Resource
VU#232881

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:002

Source: REDHAT
Type: Patch
RHSA-2007:1130

Source: BID
Type: Patch
26687

Source: CCN
Type: BID-26687
Squid Proxy Cache Update Reply Processing Remote Denial of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1019036

Source: CCN
Type: Squid Web site
Squid Web Proxy Cache

Source: CCN
Type: SQUID-2007:2
Squid Proxy Cache Security Update Advisory SQUID-2007:2

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.squid-cache.org/Advisories/SQUID-2007_2.txt

Source: CONFIRM
Type: Exploit, Vendor Advisory
http://www.squid-cache.org/Versions/v2/2.6/changesets/11780.patch

Source: CCN
Type: TLSA-2008-3
Squid denial of service attack

Source: CCN
Type: USN-565-1
Squid vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-565-1

Source: CCN
Type: USN-601-1
Squid vulnerability

Source: VUPEN
Type: Vendor Advisory
ADV-2007-4066

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=410181

Source: XF
Type: UNKNOWN
squid-cacheupdatereplies-dos(38837)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10915

Source: FEDORA
Type: UNKNOWN
FEDORA-2007-4170

Source: FEDORA
Type: UNKNOWN
FEDORA-2007-4161

Source: SUSE
Type: SUSE-SR:2008:001
SUSE Security Summary Report

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:squid:squid_web_proxy_cache:2.0_patch2:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:2.1_patch2:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:2.3.stable4:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:2.3.stable5:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:2.4_stable2:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:2.4_stable4:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:2.4_stable6:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:2.4_stable7:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:2.5.stable11:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:2.5.stable12:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:2.5.stable13:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:2.5.stable14:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:2.5_.stable9:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:2.5_stable1:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:2.5_stable3:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:2.5_stable4:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:2.5_stable5:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:2.5_stable6:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:2.5_stable7:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:2.5_stable8:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:2.5_stable10:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:2.6:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:2.6.stable1:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:2.6.stable2:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:2.6.stable3:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:2.6.stable4:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:2.6.stable5:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:2.6.stable6:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:2.6.stable7:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:2.6.stable12:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:2.6.stable13:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:2.6.stable14:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:2.6.stable15:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:2.6.stable16:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:3.0_pre1:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:3.0_pre2:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid_web_proxy_cache:3.0_pre3:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

  • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

  • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

  • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:squid-cache:squid:2.5.stable5:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.5.stable7:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.5.stable9:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.5.stable10:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.6:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.4.stable2:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.4.stable4:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.4.stable6:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.5.stable4:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.5.stable1:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.4.stable7:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.6.stable1:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.5.stable8:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.5.stable11:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.6.stable2:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.6.stable3:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.6.stable4:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.6.stable5:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.6.stable6:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.5.stable13:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.5.stable14:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.5.stable12:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.6.stable7:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.6.stable12:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.6.stable13:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.6.stable14:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.6.stable15:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.6.stable16:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.6.z:ga:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.6.z:ga:es:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20076239 | V | CVE-2007-6239 | 2015-11-16
    oval:org.mitre.oval:def:17664 | P | USN-601-1 -- squid vulnerability | 2014-06-30
    oval:org.mitre.oval:def:17749 | P | USN-565-1 -- squid vulnerability | 2014-06-30
    oval:org.mitre.oval:def:18736 | P | DSA-1646-2 squid - array bounds check | 2014-06-23
    oval:org.mitre.oval:def:19956 | P | DSA-1482-1 squid - programming error | 2014-06-23
    oval:org.mitre.oval:def:7232 | P | DSA-1646 squid -- array bounds check | 2014-06-23
    oval:org.mitre.oval:def:7991 | P | DSA-1482 squid -- programming error | 2014-06-23
    oval:org.mitre.oval:def:21708 | P | ELSA-2007:1130: squid security update (Moderate) | 2014-05-26
    oval:org.mitre.oval:def:10915 | V | The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects. | 2013-04-29
    oval:org.debian:def:1482 | V | programming error | 2008-02-05
    oval:com.redhat.rhsa:def:20071130 | P | RHSA-2007:1130: squid security update (Moderate) | 2007-12-18
    squid squid web proxy cache 2.0_patch2
    squid squid web proxy cache 2.1_patch2
    squid squid web proxy cache 2.3.stable4
    squid squid web proxy cache 2.3.stable5
    squid squid web proxy cache 2.4_stable2
    squid squid web proxy cache 2.4_stable4
    squid squid web proxy cache 2.4_stable6
    squid squid web proxy cache 2.4_stable7
    squid squid web proxy cache 2.5.stable11
    squid squid web proxy cache 2.5.stable12
    squid squid web proxy cache 2.5.stable13
    squid squid web proxy cache 2.5.stable14
    squid squid web proxy cache 2.5_.stable9
    squid squid web proxy cache 2.5_stable1
    squid squid web proxy cache 2.5_stable3
    squid squid web proxy cache 2.5_stable4
    squid squid web proxy cache 2.5_stable5
    squid squid web proxy cache 2.5_stable6
    squid squid web proxy cache 2.5_stable7
    squid squid web proxy cache 2.5_stable8
    squid squid web proxy cache 2.5_stable10
    squid squid web proxy cache 2.6
    squid squid web proxy cache 2.6.stable1
    squid squid web proxy cache 2.6.stable2
    squid squid web proxy cache 2.6.stable3
    squid squid web proxy cache 2.6.stable4
    squid squid web proxy cache 2.6.stable5
    squid squid web proxy cache 2.6.stable6
    squid squid web proxy cache 2.6.stable7
    squid squid web proxy cache 2.6.stable12
    squid squid web proxy cache 2.6.stable13
    squid squid web proxy cache 2.6.stable14
    squid squid web proxy cache 2.6.stable15
    squid squid web proxy cache 2.6.stable16
    squid squid web proxy cache 3.0
    squid squid web proxy cache 3.0_pre1
    squid squid web proxy cache 3.0_pre2
    squid squid web proxy cache 3.0_pre3
    squid-cache squid 2.5.stable5
    squid-cache squid 2.5.stable7
    squid-cache squid 2.5.stable9
    squid-cache squid 2.5.stable10
    squid-cache squid 2.6
    squid-cache squid 3.0
    squid-cache squid 2.4.stable2
    squid-cache squid 2.4.stable4
    squid-cache squid 2.4.stable6
    squid-cache squid 2.5.stable4
    squid-cache squid 2.5.stable1
    squid-cache squid 2.4.stable7
    squid-cache squid 2.6.stable1
    squid-cache squid 2.5.stable8
    squid-cache squid 2.5.stable11
    squid-cache squid 2.6.stable2
    squid-cache squid 2.6.stable3
    squid-cache squid 2.6.stable4
    squid-cache squid 2.6.stable5
    squid-cache squid 2.6.stable6
    squid-cache squid 2.5.stable13
    squid-cache squid 2.5.stable14
    squid-cache squid 2.5.stable12
    squid-cache squid 2.6.stable7
    squid-cache squid 2.6.stable12
    squid-cache squid 2.6.stable13
    squid-cache squid 2.6.stable14
    squid-cache squid 2.6.stable15
    squid-cache squid 2.6.stable16
    gentoo linux *
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    mandrakesoft mandrake multi network firewall 2.0
    redhat linux advanced workstation 2.1
    canonical ubuntu 6.06
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 5
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2007.1
    mandrakesoft mandrake linux 2008.0
    debian debian linux 4.0
    canonical ubuntu 7.04
    canonical ubuntu 7.10
    mandrakesoft mandrake linux 2008.0
    mandrakesoft mandrake linux 2007.1
    redhat enterprise linux 4.6.z ga
    redhat enterprise linux 4.6.z ga