CVE-2007-1560
published 2007-03-21CVE-2007-1560: The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash)…
PriorityP428medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
27.45%
97.8th percentile
The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | squid | < squid 2.6.5-6 (bookworm) | squid 2.6.5-6 (bookworm) |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | >= 0 < 2.6.5-6 | 2.6.5-6 |
| squid | squid | >= 0 < 2.6.5-6 | 2.6.5-6 |
| squid | squid | >= 0 < 2.6.5-6 | 2.6.5-6 |
| squid | squid | >= 0 < 2.6.5-6 | 2.6.5-6 |
Detection & IOCsextracted from sources · hover to see the quote
- →Crafted HTTP TRACE requests sent to Squid 2.6 (before 2.6.STABLE12) trigger an assertion error in clientProcessRequest() in src/client_side.c, causing a daemon crash (DoS). ↗
- →The vulnerable code path is the clientProcessRequest() function located in src/client_side.c within Squid 2.6. Monitor for abnormal Squid child process restarts correlated with incoming TRACE method requests. ↗
- →Exploitation pattern involves sending the malicious TRACE request in a loop to continuously crash and restart the single Squid child process, sustaining the denial of service. ↗
- ·Only Squid 2.6 versions prior to 2.6.STABLE12 are affected; Squid 2.5 and other major versions are not impacted by this specific flaw. ↗
- ·Squid recovers automatically (parent restarts the child) after each crash, so the DoS requires repeated requests in a loop to be sustained; a single TRACE request alone may not be sufficient for a persistent outage. ↗
- ·The upstream advisory and patch are available; the fix is referenced in Squid changeset 11349. ↗
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_debian5.0LOW
vendor_redhat5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Squid vulnerability
vendor_ubuntu·2007-03-26
CVE-2007-1560 Squid vulnerability
Title: Squid vulnerability
Summary: Squid vulnerability
A flaw was discovered in Squid's handling of the TRACE request method
which could lead to a crash. Remote attackers with access to the Squid
server could send malicious TRACE requests, and cause a denial of
service.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
security flaw
vendor_redhat·2007-03-20·CVSS 5.0
CVE-2007-1560 [MEDIUM] security flaw
security flaw
The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error.
Debian
CVE-2007-1560: squid - The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6...
vendor_debian·2007·CVSS 5.0
CVE-2007-1560 [MEDIUM] CVE-2007-1560: squid - The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6...
The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error.
Scope: local
bookworm: resolved (fixed in 2.6.5-6)
bullseye: resolved (fixed in 2.6.5-6)
forky: resolved (fixed in 2.6.5-6)
sid: resolved (fixed in 2.6.5-6)
trixie: resolved (fixed in 2.6.5-6)
GHSA
GHSA-cmwg-5hv4-pp63: The clientProcessRequest() function in src/client_side
ghsa_unreviewed·2022-05-01
CVE-2007-1560 [MEDIUM] GHSA-cmwg-5hv4-pp63: The clientProcessRequest() function in src/client_side
The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error.
OSV
CVE-2007-1560: The clientProcessRequest() function in src/client_side
osv·2007-03-21·CVSS 5.0
CVE-2007-1560 [MEDIUM] CVE-2007-1560: The clientProcessRequest() function in src/client_side
The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2007-1560 security flaw
bugzilla·2018-08-16·CVSS 5.0
CVE-2007-1560 [MEDIUM] CVE-2007-1560 security flaw
CVE-2007-1560 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error.
Bugzilla
CVE-2007-1560 Squid TRACE DoS
bugzilla·2007-03-21·CVSS 5.0
CVE-2007-1560 [MEDIUM] CVE-2007-1560 Squid TRACE DoS
CVE-2007-1560 Squid TRACE DoS
According to:
http://www.squid-cache.org/Advisories/SQUID-2007_1.txt
"Due to an internal error Squid-2.6 is vulnerable to a denial
of service attack when processing the TRACE request method."
See
http://www.squid-cache.org/Versions/v2/2.6/changesets/11349.patch
This may only affect Squid 2.6 and therefore only RHEL5, will need confirmation
Discussion:
I don't believe this is a security flaw. I can send a request to the squid
server. The child process does indeed die via an assertion error, but the
parent process start a new child to handle the new incoming requests. I've
mailed upstream and vendor-sec to see if I'm mistaken. I'll add a note if I'm
wrong.
---
This is going to be considered a security flaw after all. As was pointed out by
upstream, since
http://secunia.com/advisories/24611http://secunia.com/advisories/24614http://secunia.com/advisories/24625http://secunia.com/advisories/24662http://secunia.com/advisories/24911http://security.gentoo.org/glsa/glsa-200703-27.xmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2007:068http://www.novell.com/linux/security/advisories/2007_5_sr.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0131.htmlhttp://www.securityfocus.com/bid/23085http://www.securitytracker.com/id?1017805http://www.squid-cache.org/Advisories/SQUID-2007_1.txthttp://www.squid-cache.org/Versions/v2/2.6/changesets/11349.patchhttp://www.ubuntu.com/usn/usn-441-1http://www.vupen.com/english/advisories/2007/1035https://exchange.xforce.ibmcloud.com/vulnerabilities/33124https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10291http://secunia.com/advisories/24611http://secunia.com/advisories/24614http://secunia.com/advisories/24625http://secunia.com/advisories/24662http://secunia.com/advisories/24911http://security.gentoo.org/glsa/glsa-200703-27.xmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2007:068http://www.novell.com/linux/security/advisories/2007_5_sr.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0131.htmlhttp://www.securityfocus.com/bid/23085http://www.securitytracker.com/id?1017805http://www.squid-cache.org/Advisories/SQUID-2007_1.txthttp://www.squid-cache.org/Versions/v2/2.6/changesets/11349.patchhttp://www.ubuntu.com/usn/usn-441-1http://www.vupen.com/english/advisories/2007/1035https://exchange.xforce.ibmcloud.com/vulnerabilities/33124https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10291
2007-03-21
Published