CVE-2005-0241

NONE EPSS 99.3%
Published May 2, 2005 (21y ago) · Last Modified Jun 16, 2026 (2w ago)

Description

The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.

Threat Intelligence

EPSS Exploit Probability: 99.3% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Affected Products (7)

Vendor  Product  Version      Range
squid   squid    2.5.stable1  any
squid   squid    2.5.stable2  any
squid   squid    2.5.stable3  any
squid   squid    2.5.stable4  any
squid   squid    2.5.stable5  any
squid   squid    2.5.stable6  any
squid   squid    2.5.stable7  any

References 13

  • distro.conectiva.com.br http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931
    Patch
  • fedoranews.org http://fedoranews.org/updates/FEDORA--.shtml
  • secunia.com http://secunia.com/advisories/14091
  • kb.cert.org http://www.kb.cert.org/vuls/id/823350
    Patch, Third Party Advisory, US Government Resource
  • novell.com http://www.novell.com/linux/security/advisories/2005_06_squid.html
    Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-060.html
    Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-061.html
    Patch, Vendor Advisory
  • securityfocus.com http://www.securityfocus.com/bid/12412
  • squid-cache.org http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers
    Patch
  • squid-cache.org http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch
    Patch
  • squid-cache.org http://www.squid-cache.org/bugs/show_bug.cgi?id=1216
    Patch
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/19060
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10998

Remediation

  • distro.conectiva.com.br http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931
    Patch
  • kb.cert.org http://www.kb.cert.org/vuls/id/823350
    Patch, Third Party Advisory, US Government Resource
  • novell.com http://www.novell.com/linux/security/advisories/2005_06_squid.html
    Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-060.html
    Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-061.html
    Patch, Vendor Advisory
  • squid-cache.org http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers
    Patch
  • squid-cache.org http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch
    Patch
  • squid-cache.org http://www.squid-cache.org/bugs/show_bug.cgi?id=1216
    Patch