This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:PROXY:SQUID-TRACE
|
Severity |
Minor
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
HTTP
|
Keywords |
Squid Proxy TRACE Request Remote Denial of Service
|
Release Date |
2010/10/06
|
Update Number |
1786
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: Squid Proxy TRACE Request Remote Denial of Service
This signature detects attempts to exploit a known vulnerability against the Squid proxy server. Attackers can send a specially crafted "TRACE" request that can cause the process to restart.
Extended Description
Squid is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain TRACE requests.
Successfully exploiting this issue allows remote attackers to crash the affected application, denying futher service to legitimate users.
This issue affects version 2.6.
Affected Products
- Gentoo linux
- Mandriva corporate_server 3.0.0
- Mandriva corporate_server 3.0.0 X86 64
- Mandriva corporate_server 4.0
- Mandriva corporate_server 4.0.0 X86 64
- Mandriva linux_mandrake 2006.0.0
- Mandriva linux_mandrake 2006.0.0 X86 64
- Mandriva linux_mandrake 2007.0
- Mandriva linux_mandrake 2007.0 X86 64
- Mandriva multi_network_firewall 2.0.0
- Red_hat enterprise_linux 5 Server
- Red_hat enterprise_linux_desktop_workstation 5 Client
- Squid web_proxy_cache 2.6
- Suse opensuse 10.2
- Turbolinux appliance_server 1.0.0 Hosting Edition
- Turbolinux appliance_server 1.0.0 Workgroup Edition
- Turbolinux appliance_server 2.0
- Turbolinux appliance_server_hosting_edition 1.0.0
- Turbolinux appliance_server_workgroup_edition 1.0.0
- Turbolinux turbolinux_server 10.0.0
- Turbolinux turbolinux_server 10.0.0 X64
- Turbolinux turbolinux_server 8.0.0
- Ubuntu ubuntu_linux 6.10 Amd64
- Ubuntu ubuntu_linux 6.10 I386
- Ubuntu ubuntu_linux 6.10 Powerpc
- Ubuntu ubuntu_linux 6.10 Sparc
References