Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 HTTP:PROXY:SQUID-TRACE

Severity

 Minor

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Squid Proxy TRACE Request Remote Denial of Service

Release Date

 2010/10/06

Update Number

 1786

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Squid Proxy TRACE Request Remote Denial of Service


This signature detects attempts to exploit a known vulnerability against the Squid proxy server. Attackers can send a specially crafted "TRACE" request that can cause the process to restart.

Extended Description

Squid is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain TRACE requests. Successfully exploiting this issue allows remote attackers to crash the affected application, denying futher service to legitimate users. This issue affects version 2.6.

Affected Products

  • Gentoo linux
  • Mandriva corporate_server 3.0.0
  • Mandriva corporate_server 3.0.0 X86 64
  • Mandriva corporate_server 4.0
  • Mandriva corporate_server 4.0.0 X86 64
  • Mandriva linux_mandrake 2006.0.0
  • Mandriva linux_mandrake 2006.0.0 X86 64
  • Mandriva linux_mandrake 2007.0
  • Mandriva linux_mandrake 2007.0 X86 64
  • Mandriva multi_network_firewall 2.0.0
  • Red_hat enterprise_linux 5 Server
  • Red_hat enterprise_linux_desktop_workstation 5 Client
  • Squid web_proxy_cache 2.6
  • Suse opensuse 10.2
  • Turbolinux appliance_server 1.0.0 Hosting Edition
  • Turbolinux appliance_server 1.0.0 Workgroup Edition
  • Turbolinux appliance_server 2.0
  • Turbolinux appliance_server_hosting_edition 1.0.0
  • Turbolinux appliance_server_workgroup_edition 1.0.0
  • Turbolinux turbolinux_server 10.0.0
  • Turbolinux turbolinux_server 10.0.0 X64
  • Turbolinux turbolinux_server 8.0.0
  • Ubuntu ubuntu_linux 6.10 Amd64
  • Ubuntu ubuntu_linux 6.10 I386
  • Ubuntu ubuntu_linux 6.10 Powerpc
  • Ubuntu ubuntu_linux 6.10 Sparc

References

  • BugTraq: 23085
  • CVE: CVE-2007-1560

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out