Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2008 David MaciejakOPENVAS:136141256231080017
HistoryOct 24, 2008 - 12:00 a.m.

Squid < 2.6.STABLE12 DoS Vulnerability

2008-10-2400:00:00
Copyright (C) 2008 David Maciejak
plugins.openvas.org
11

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

Low

0.941 High

EPSS

Percentile

99.2%

JSON

A vulnerability in TRACE request processing has been reported in
Squid.

# SPDX-FileCopyrightText: 2008 David Maciejak
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:squid-cache:squid";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.80017");
  script_version("2023-08-01T13:29:10+0000");
  script_tag(name:"last_modification", value:"2023-08-01 13:29:10 +0000 (Tue, 01 Aug 2023)");
  script_tag(name:"creation_date", value:"2008-10-24 19:51:47 +0200 (Fri, 24 Oct 2008)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_cve_id("CVE-2007-1560");
  script_name("Squid < 2.6.STABLE12 DoS Vulnerability");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2008 David Maciejak");
  script_family("Denial of Service");
  script_dependencies("gb_squid_http_detect.nasl");
  script_mandatory_keys("squid/detected");

  script_xref(name:"URL", value:"http://www.squid-cache.org/Advisories/SQUID-2007_1.txt");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/80017");

  script_tag(name:"summary", value:"A vulnerability in TRACE request processing has been reported in
  Squid.");

  script_tag(name:"impact", value:"This flaw can be exploited by an attacker to cause a denial of
  service (DoS).");

  script_tag(name:"solution", value:"Update to version 2.6 or later.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"remote_banner_unreliable");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if( ! port = get_app_port( cpe:CPE ) )
  exit( 0 );

if( ! vers = get_app_version( cpe:CPE, port:port ) )
  exit( 0 );

if( egrep( pattern:"2\.([0-5]\.|6\.STABLE([0-9][^0-9]|1[01][^0-9]))", string:vers ) ) {
  report = report_fixed_ver( installed_version:vers, fixed_version:"2.6" );
  security_message( port:port, data:report );
  exit( 0 );
}

exit( 99 );

Related

gentoo 1
openvas 9
nessus 8
ubuntucve 1
veracode 1
prion 1
securityvulns 2
oraclelinux 1
checkpoint_advisories 2
debiancve 1
redhat 1
cvelist 1
cve 1
ubuntu 1
freebsd 1
nvd 1
gentoo
gentoo
Squid: Denial of service
2007-03-31 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200703-27 (squid)
2008-09-24 00:00:00
Oracle: Security Advisory (ELSA-2007-0131)
2015-10-08 00:00:00
Gentoo Security Advisory GLSA 200703-27 (squid)
2008-09-24 00:00:00
nessus
nessus
Squid < 2.6.STABLE12 src/client_side.c clientProcessRequest() function TRACE Request DoS
2007-03-23 00:00:00
openSUSE 10 Security Update : squid (squid-3036)
2007-10-17 00:00:00
Ubuntu 6.10 : squid vulnerability (USN-441-1)
2007-11-10 00:00:00
ubuntucve
ubuntucve
CVE-2007-1560
2007-03-21 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:14:58
prion
prion
Cross site request forgery (csrf)
2007-03-21 18:19:00
securityvulns
securityvulns
[ MDKSA-2007:068 ] - Updated squid packages fix DoS vulnerability
2007-03-24 00:00:00
squid cache proxy DoS
2007-03-24 00:00:00
oraclelinux
oraclelinux
Moderate: squid security update
2007-06-26 00:00:00
checkpoint_advisories
checkpoint_advisories
Squid Proxy TRACE Request Remote Denial of Service (CVE-2007-1560)
2007-05-03 00:00:00
HTTP Methods (CAN-2003-0109; CVE-2007-1560; CVE-2015-1499)
2015-06-14 00:00:00
debiancve
debiancve
CVE-2007-1560
2007-03-21 18:19:00
redhat
redhat
(RHSA-2007:0131) Moderate: squid security update
2007-04-03 00:00:00
cvelist
cvelist
CVE-2007-1560
2007-03-21 18:00:00
cve
cve
CVE-2007-1560
2007-03-21 18:19:00
ubuntu
ubuntu
Squid vulnerability
2007-03-26 00:00:00
freebsd
freebsd
Squid -- TRACE method handling denial of service
2007-03-20 00:00:00
nvd
nvd
CVE-2007-1560
2007-03-21 18:19:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

Low

0.941 High

EPSS

Percentile

99.2%

JSON
Related for OPENVAS:136141256231080017
gentoo1openvas9nessus8ubuntucve1veracode1prion1securityvulns2oraclelinux1checkpoint_advisories2debiancve1redhat1cvelist1cve1ubuntu1freebsd1nvd1