Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2005-0241
Last Modified: 21 Aug 2010 12:25:43
Published: 02 May 2005 12:00:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2005-0241

Summary

The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.

Vulnerable Systems

Application

  • Squid 2.5.stable1

  • Squid 2.5.stable2

  • Squid 2.5.stable3

  • Squid 2.5.stable4

  • Squid 2.5.stable5

  • Squid 2.5.stable6

  • Squid 2.5.stable7


References

CERT-VN - VU#823350

XF - squid-http-cache-poisoning(19060)

CONFIRM - http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch

CONFIRM - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers

CONFIRM - http://www.squid-cache.org/bugs/show_bug.cgi?id=1216

REDHAT - RHSA-2005:061

REDHAT - RHSA-2005:060

SUSE - SUSE-SA:2005:006

CONECTIVA - CLA-2005:931

BID - 12412

SECUNIA - 14091

FEDORA - FLSA-2006:152809


Last Updated: 27 May 2016 10:39:44