CVE-2007-1560

Description

The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error.

How to fix CVE-2007-1560

To remediate CVE-2007-1560, upgrade the affected package to a fixed version below.

• Debian/squid—upgrade to 2.6.5-6 or later

Is CVE-2007-1560 being exploited?

Likely — EPSS is 70.6%, placing CVE-2007-1560 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.

Affected packages (1)

• from 0, < 2.6.5-6

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2007-1560