1. CVE-Search
  2. CVE-2007-0247
ID CVE-2007-0247
Summary squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions.
References
Vulnerable Configurations
  • cpe:2.3:a:squid:squid:2.6.stable1:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.6.stable1:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.6.stable2:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.6.stable2:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.6.stable3:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.6.stable3:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.6.stable4:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.6.stable4:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.6.stable5:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.6.stable5:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.6.stable6:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.6.stable6:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 29-07-2017 - 01:30)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 22079
confirm
fedora FEDORA-2007-092
gentoo GLSA-200701-22
mandriva MDKSA-2007:026
osvdb 39839
secunia
  • 23767
  • 23805
  • 23810
  • 23837
  • 23889
  • 23921
  • 23946
suse SUSE-SA:2007:012
trustix 2007-0003
ubuntu USN-414-1
vupen ADV-2007-0199
xf squid-multiple-dos(31523)
statements via4
contributor Mark J Cox
lastmodified 2007-07-26
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
Last major update 29-07-2017 - 01:30
Published 16-01-2007 - 18:28
Last modified 29-07-2017 - 01:30
Back to Top