5
CVE-2005-0241
- EPSS 69.66%
- Veröffentlicht 02.05.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:10:45
- Quelle security@debian.org
- CVE-Watchlists
- Unerledigt
The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 69.66% | 0.993 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
http://fedoranews.org/updates/FEDORA--.shtml
http://www.novell.com/linux/security/advisories/2005_06_squid.html
http://www.redhat.com/support/errata/RHSA-2005-060.html
http://www.redhat.com/support/errata/RHSA-2005-061.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931
http://www.securityfocus.com/bid/12412
http://secunia.com/advisories/14091
http://www.kb.cert.org/vuls/id/823350
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch
http://www.squid-cache.org/bugs/show_bug.cgi?id=1216
https://exchange.xforce.ibmcloud.com/vulnerabilities/19060
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10998