Intrusion Prevention

HTTP.Proxy.TRACE.Request

Description

This indicates an attack attempt against a denial-of-service vulnerability in Squid.
The vulnerability is caused by an assertion error that occurs when the vulnerable software handles a malicious TRACE request. A remote attacker may exploit this to crash the program via a crafted TRACE request.

Affected Products

Squid versions prior to 2.6.STABLE12

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Upgrade to Squid version 2.6.STABLE12 :
http://www.squid-cache.org/Versions/v2/2.6/
Or apply the patch :
http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE12.patch

CVE References

CVE-2007-1560