ID CVE-2005-0241
Summary The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.
References
Vulnerable Configurations
  • cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*
  • cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*
    cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 11-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
oval via4
accepted 2013-04-29T04:10:35.366-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.
family unix
id oval:org.mitre.oval:def:10998
status accepted
submitted 2010-07-09T03:56:16-04:00
title Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack.
version 29
redhat via4
advisories
  • rhsa
    id RHSA-2005:060
  • rhsa
    id RHSA-2005:061
rpms
  • squid-7:2.5.STABLE6-3.4E.3
  • squid-debuginfo-7:2.5.STABLE6-3.4E.3
  • squid-7:2.5.STABLE3-6.3E.7
  • squid-debuginfo-7:2.5.STABLE3-6.3E.7
refmap via4
bid 12412
cert-vn VU#823350
conectiva CLA-2005:931
confirm
fedora FLSA-2006:152809
secunia 14091
suse SUSE-SA:2005:006
xf squid-http-cache-poisoning(19060)
Last major update 11-10-2017 - 01:29
Published 02-05-2005 - 04:00
Last modified 11-10-2017 - 01:29
Back to Top