FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Squid -- TRACE method handling denial of service

Affected packages
2.6.* <= squid < 2.6.12

Details

VuXML ID c27bc173-d7aa-11db-b141-0016179b2dd5
Discovery 2007-03-20
Entry 2007-03-21
Modified 2010-05-12

Squid advisory 2007:1 notes:

Due to an internal error, Squid-2.6 is vulnerable to a denial of service attack when processing the TRACE request method.

Workarounds:

To work around the problem, deny access to using the TRACE method by inserting the following two lines before your first http_access rule.

acl TRACE method TRACE

http_access deny TRACE
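
The workaround only takes effect if the deny rule really is the first http_access rule. The following check is an added example, not part of the Squid advisory or the VuXML entry: it reads the text of a squid.conf and confirms that placement. The function name and the sample configurations are constructed for illustration.

```python
def check_trace_workaround(conf_text):
    """Return (ok, reason) for the text of a squid.conf."""
    method_acls = {}  # ACL name -> set of HTTP methods it matches
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue  # blank line or comment
        if tokens[0] == "acl" and len(tokens) >= 4 and tokens[2] == "method":
            # Repeated acl lines with the same name accumulate values.
            method_acls.setdefault(tokens[1], set()).update(tokens[3:])
        elif tokens[0] == "http_access":
            # Only the first http_access rule is examined. It must be a deny
            # on a single, already-defined method ACL that matches TRACE;
            # extra ACLs on the line would narrow the rule, so reject them.
            if (len(tokens) == 3 and tokens[1] == "deny"
                    and "TRACE" in method_acls.get(tokens[2], ())):
                return True, f"line {lineno}: TRACE is denied by the first http_access rule"
            return False, f"line {lineno}: first http_access rule is not the TRACE deny"
    return False, "no http_access rule found"

# Constructed sample configurations (not taken from the advisory).
GOOD = """\
acl all src 0.0.0.0/0.0.0.0
acl TRACE method TRACE
http_access deny TRACE
http_access allow all
"""
LATE = """\
acl all src 0.0.0.0/0.0.0.0
acl TRACE method TRACE
http_access allow all
http_access deny TRACE
"""
NARROWED = """\
acl localnet src 192.168.0.0/255.255.0.0
acl TRACE method TRACE
http_access deny TRACE localnet
http_access allow localnet
"""

if __name__ == "__main__":
    for name, conf in (("GOOD", GOOD), ("LATE", LATE), ("NARROWED", NARROWED)):
        print(name, check_trace_workaround(conf))
```
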

References

CVE Name CVE-2007-1560
URL http://www.squid-cache.org/Advisories/SQUID-2007_1.txt