CVE-2005-0241
NONE EPSS 99.3%
Published May 2, 2005 21y ago
Last Modified Jun 16, 2026 2w ago
Description
The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.
Threat Intelligence
EPSS Exploit Probability
99.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 7
References 13
- distro.conectiva.com.br http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931
- fedoranews.org http://fedoranews.org/updates/FEDORA--.shtml
- secunia.com http://secunia.com/advisories/14091
- kb.cert.org http://www.kb.cert.org/vuls/id/823350
- novell.com http://www.novell.com/linux/security/advisories/2005_06_squid.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-060.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-061.html
- securityfocus.com http://www.securityfocus.com/bid/12412
- squid-cache.org http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers
- squid-cache.org http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch
- squid-cache.org http://www.squid-cache.org/bugs/show_bug.cgi?id=1216
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/19060
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10998
Remediation
- distro.conectiva.com.br http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931
- kb.cert.org http://www.kb.cert.org/vuls/id/823350
- novell.com http://www.novell.com/linux/security/advisories/2005_06_squid.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-060.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-061.html
- squid-cache.org http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers
- squid-cache.org http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch
- squid-cache.org http://www.squid-cache.org/bugs/show_bug.cgi?id=1216