var-200502-0104
Vulnerability from variot
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack.

Multiple interconnected devices process valid HTTP request headers inconsistently, and in this manner may allow a remote attacker to poison a cache, conduct cross-site scripting attacks, and hijack user sessions. Some HTTP handling devices are vulnerable to a flaw which may allow a specially crafted request to elicit multiple responses, some of which may be controlled by the attacker. These attacks may result in cache poisoning, information leakage, cross-site scripting, and other outcomes.

Multiple HTTP servers have (1) a vulnerability in which headers in a server response can be split because line-feed codes (CR/LF) in an HTTP request are handled improperly, and (2) a vulnerability in which, under certain conditions, the second half of the split header included in the first request is recognized as the response to a second request. An arbitrary script may be executed in the user's browser.

This issue results from insufficient sanitization of user-supplied data. Squid versions 2.5 and earlier are reported prone to this issue.

A paper (Divide and Conquer - HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Topics) was released to describe various attacks that target web users through web application, browser, web/application server and proxy implementations. Exploitation would occur by injecting variations of CR/LF sequences into parts of HTTP response headers that the attacker may control or influence. The general consequences of exploitation are that an attacker may misrepresent web content to the client, potentially enticing the user to trust the content and take actions based on this false trust.

While the various implementations listed in the paper contribute to these attacks, this issue will most likely be exposed through web applications that do not properly account for CR/LF sequences when accepting user-supplied input that may be returned in server responses. This vulnerability could also aid in exploitation of cross-site scripting vulnerabilities.

This issue is due to a failure of the affected proxy to handle CR/LF characters in HTTP requests. This may facilitate man-in-the-middle attacks as well as others.
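The check a web application needs before returning user-supplied input in a response header, as an added example that is not code from Squid, the paper or either advisory. The function names, buffer sizes and sample parameters are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Percent-decode src into dst, as a framework does to a request parameter
 * before the application sees it. Returns the decoded length, or -1 on a
 * malformed escape or if dst is too small. The length is returned because
 * a decoded %00 would hide the rest of the value from strlen(). */
int url_decode(const char *src, char *dst, size_t dstsz)
{
    size_t n = 0;
    while (*src) {
        int ch = (unsigned char)*src++;
        if (ch == '%') {
            int hi = hexval((unsigned char)src[0]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)src[1]);
            if (lo < 0) return -1;
            ch = hi * 16 + lo;
            src += 2;
        }
        if (n + 1 >= dstsz) return -1;
        dst[n++] = (char)ch;
    }
    dst[n] = '\0';
    return (int)n;
}

/* A value may be emitted in a header only if it holds no CR, LF, NUL or
 * other control byte. Looking for the pair "\r\n" alone is not enough:
 * some parsers accept a lone CR or a lone LF as a line end. */
int header_value_is_safe(const char *v, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)v[i];
        if ((c < 0x20 && c != '\t') || c == 0x7f) return 0;
    }
    return 1;
}

/* Build "Name: value\r\n" from an undecoded request parameter.
 * Validation happens after decoding, on the bytes that will be sent.
 * Returns the number of bytes written, or -1 if the value is refused. */
int build_header(char *out, size_t outsz, const char *name,
                 const char *raw_param)
{
    char value[256];
    int len = url_decode(raw_param, value, sizeof value);
    if (len < 0 || !header_value_is_safe(value, (size_t)len)) return -1;
    int n = snprintf(out, outsz, "%s: %s\r\n", name, value);
    if (n < 0 || (size_t)n >= outsz) return -1;
    return n;
}

int main(void)
{
    /* Constructed sample parameters, as they would arrive undecoded. */
    const char *samples[] = { "/lang%2Fen", "/en%0d%0aX-Added:%201", "/en%0aX" };
    char out[128];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = build_header(out, sizeof out, "Location", samples[i]);
        printf("%-24s -> %s\n", samples[i], n < 0 ? "rejected" : "emitted");
    }
    return 0;
}
```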
Debian Security Advisory DSA 667-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
February 4th, 2005                      http://www.debian.org/security/faq

Package        : squid
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE IDs        : CAN-2005-0173 CAN-2005-0175 CAN-2005-0194 CAN-2005-0211
Several vulnerabilities have been discovered in Squid, the internet object cache, the popular WWW proxy cache. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:
CAN-2005-0173
LDAP is very forgiving about spaces in search filters and this
could be abused to log in using several variants of the login
name, possibly bypassing explicit access controls or confusing
accounting.
CAN-2005-0211
The length argument of the WCCP recvfrom() call is larger than it
should be. An attacker may send a larger than normal WCCP packet
that could overflow a buffer.
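A bounded datagram receive that avoids the class of bug described for CAN-2005-0211, as an added example that is not Squid's WCCP code. It uses recvmsg() rather than recvfrom() so that the truncation flag is available, and a local datagram socket pair stands in for the UDP socket; the structure, sizes and function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>

#define MSG_MAX 64              /* hypothetical message size, not WCCP's */

struct fixed_msg {              /* hypothetical receive structure */
    unsigned char data[MSG_MAX];
    unsigned char guard[8];     /* stands in for whatever follows the buffer */
};

/* Receive one datagram into buf. The length handed to the kernel is the
 * size of the destination, never a larger protocol constant, so the kernel
 * cannot write past buf. A datagram that did not fit is reported through
 * MSG_TRUNC and dropped instead of being parsed as a short message.
 * Returns the payload length, -1 on socket error, -2 if oversized. */
ssize_t recv_bounded(int fd, void *buf, size_t bufsz)
{
    struct iovec iov = { .iov_base = buf, .iov_len = bufsz };
    struct msghdr mh;
    memset(&mh, 0, sizeof mh);
    mh.msg_iov = &iov;
    mh.msg_iovlen = 1;

    ssize_t n = recvmsg(fd, &mh, 0);
    if (n < 0) return -1;
    if (mh.msg_flags & MSG_TRUNC) return -2;
    return n;
}

/* Send a constructed datagram of sendlen bytes over a local socket pair
 * and receive it with recv_bounded(). Returns recv_bounded()'s result,
 * or -3 if the bytes after the buffer were modified. */
int run_case(size_t sendlen)
{
    static unsigned char pkt[256];
    struct fixed_msg m;
    int sv[2];

    if (sendlen > sizeof pkt) return -1;
    memset(pkt, 0x41, sizeof pkt);          /* constructed payload */
    memset(&m, 0xEE, sizeof m);             /* known pattern in the guard */
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0) return -1;

    ssize_t r = -1;
    if (send(sv[0], pkt, sendlen, 0) == (ssize_t)sendlen)
        r = recv_bounded(sv[1], m.data, sizeof m.data);
    close(sv[0]);
    close(sv[1]);

    for (size_t i = 0; i < sizeof m.guard; i++)
        if (m.guard[i] != 0xEE) return -3;
    return (int)r;
}

int main(void)
{
    size_t sizes[] = { 32, 64, 65, 200 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("datagram of %3zu bytes -> %d\n", sizes[i], run_case(sizes[i]));
    return 0;
}
```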
For the stable distribution (woody) these problems have been fixed in version 2.4.6-2woody6.
For the unstable distribution (sid) these problems have been fixed in version 2.5.7-7.
We recommend that you upgrade your squid package.
Upgrade Instructions
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
Debian GNU/Linux 3.0 alias woody
These files will probably be moved into the stable distribution on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show
Fedora Legacy Update Advisory

Synopsis:          Updated squid package fixes security issues
Advisory ID:       FLSA:152809
Issue date:        2006-02-18
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix
CVE Names:         CVE-2004-0541 CVE-2004-0832 CVE-2004-0918
                   CVE-2005-0094 CVE-2005-0095 CVE-2005-0096
                   CVE-2005-0097 CVE-2005-0173 CVE-2005-0174
                   CVE-2005-0175 CVE-2005-0194 CVE-2005-0211
                   CVE-2005-0241 CVE-2005-0446 CVE-2005-0626
                   CVE-2005-0718 CVE-2005-1345 CVE-1999-0710
                   CVE-2005-1519 CVE-2004-2479 CVE-2005-2794
                   CVE-2005-2796 CVE-2005-2917
- Topic:
An updated Squid package that fixes several security issues is now available.
- Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386
- Problem description:
A buffer overflow was found within the NTLM authentication helper routine. If Squid is configured to use the NTLM authentication helper, a remote attacker could potentially execute arbitrary code by sending a lengthy password. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0541 to this issue.
An out of bounds memory read bug was found within the NTLM authentication helper routine. If Squid is configured to use the NTLM authentication helper, a remote attacker could send a carefully crafted NTLM authentication packet and cause Squid to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0832 to this issue.
iDEFENSE reported a flaw in the squid SNMP module. This flaw could allow an attacker who has the ability to send arbitrary packets to the SNMP port to restart the server, causing it to drop all open connections. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0918 to this issue.
A buffer overflow flaw was found in the Gopher relay parser. Although Gopher servers are now quite rare, a malicious web page (for example) could redirect or contain a frame pointing to an attacker's malicious gopher server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0094 to this issue.
An integer overflow flaw was found in the WCCP message parser. It is possible to crash the Squid server if an attacker is able to send a malformed WCCP message with a spoofed source address matching Squid's "home router". The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0095 to this issue.
A memory leak was found in the NTLM fakeauth_auth helper. It is possible that an attacker could place the Squid server under high load, causing the NTLM fakeauth_auth helper to consume a large amount of memory, resulting in a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0096 to this issue.
A NULL pointer de-reference bug was found in the NTLM fakeauth_auth helper. It is possible for an attacker to send a malformed NTLM type 3 message, causing the Squid server to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0097 to this issue.
A username validation bug was found in squid_ldap_auth. It is possible for a username to be padded with spaces, which could allow a user to bypass explicit access control rules or confuse accounting. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0173 to this issue.
The way Squid handles HTTP responses was found to need strengthening. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-0174 and CVE-2005-0175 to these issues.
When processing the configuration file, Squid parses empty Access Control Lists (ACLs) and proxy_auth ACLs without defined auth schemes in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0194 to this issue.
A buffer overflow bug was found in the WCCP message parser. It is possible that an attacker could send a malformed WCCP message which could crash the Squid server or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0211 to this issue.
A bug was found in the way Squid handled oversized HTTP response headers. It is possible that a malicious web server could send a specially crafted HTTP header which could cause the Squid cache to be poisoned, presenting users with incorrect webpages. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0241 to this issue.
A bug was found in the way Squid handles FQDN lookups. It was possible to crash the Squid server by sending a carefully crafted DNS response to an FQDN lookup. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0446 to this issue.
A race condition bug was found in the way Squid handles the now obsolete Set-Cookie header. It is possible that Squid can leak Set-Cookie header information to other clients connecting to Squid. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0626 to this issue.
A bug was found in the way Squid handles PUT and POST requests. It is possible for an authorised remote user to cause a failed PUT or POST request which can cause Squid to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0718 to this issue.
A bug was found in the way Squid processes errors in the access control list. It is possible that an error in the access control list could give users more access than intended. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1345 to this issue.
A bug was found in the way Squid handles access to the cachemgr.cgi script. It is possible for an authorised remote user to bypass access control lists with this flaw. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-1999-0710 to this issue.
A bug was found in the way Squid handles DNS replies. If the port Squid uses for DNS requests is not protected by a firewall it is possible for a remote attacker to spoof DNS replies, possibly redirecting a user to spoofed or malicious content. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1519 to this issue.
A bug was found in the way Squid displays error messages. A remote attacker could submit a request containing an invalid hostname which would result in Squid displaying a previously used error message. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-2479 to this issue.
Two denial of service bugs were found in the way Squid handles malformed requests. A remote attacker could submit a specially crafted request to Squid that would cause the server to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-2794 and CVE-2005-2796 to these issues.
A bug was found in the way Squid handles certain request sequences while performing NTLM authentication. It is possible for an attacker to cause Squid to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2917 to this issue.
Users of Squid should upgrade to this updated package, which contains backported patches, and is not vulnerable to these issues.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.
Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.
- Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152809
- RPMs required:
Red Hat Linux 7.3:
SRPM: http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/squid-2.4.STABLE7-0.73.3.legacy.src.rpm
i386: http://download.fedoralegacy.org/redhat/7.3/updates/i386/squid-2.4.STABLE7-0.73.3.legacy.i386.rpm
Red Hat Linux 9:
SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/squid-2.5.STABLE1-9.10.legacy.src.rpm
i386: http://download.fedoralegacy.org/redhat/9/updates/i386/squid-2.5.STABLE1-9.10.legacy.i386.rpm
Fedora Core 1:
SRPM: http://download.fedoralegacy.org/fedora/1/updates/SRPMS/squid-2.5.STABLE3-2.fc1.6.legacy.src.rpm
i386: http://download.fedoralegacy.org/fedora/1/updates/i386/squid-2.5.STABLE3-2.fc1.6.legacy.i386.rpm
Fedora Core 2:
SRPM: http://download.fedoralegacy.org/fedora/2/updates/SRPMS/squid-2.5.STABLE9-1.FC2.4.legacy.src.rpm
i386: http://download.fedoralegacy.org/fedora/2/updates/i386/squid-2.5.STABLE9-1.FC2.4.legacy.i386.rpm
- Verification:
These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:
sha1sum <filename>
- References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0918
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1345
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2796
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2917
- Contact:
The Fedora Legacy security contact is secnotice@fedoralegacy.org. More project details at http://www.fedoralegacy.org
"5.0.2.5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2.4" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2.3" }, { "model": "systems weblogic server for win32 sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server for win32", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "4.1.24" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.48" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.47" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.46" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.45" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.44" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.43" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.42" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.41" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.40" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.39" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.38" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.37" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.36" }, { "model": 
"apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.35" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.32" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.28" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0" }, { "model": "web proxy cache .stable9", "scope": "ne", "trust": 0.3, "vendor": "squid", "version": "2.5" }, { "model": "web proxy cache .stable8", "scope": "ne", "trust": 0.3, "vendor": "squid", "version": "2.5" } ], "sources": [ { "db": "CERT/CC", "id": "VU#768702" }, { "db": "CERT/CC", "id": "VU#625878" }, { "db": "BID", "id": "12433" }, { "db": "BID", "id": "9804" }, { "db": "BID", "id": "13435" }, { "db": "JVNDB", "id": "JVNDB-2004-000066" }, { "db": "CNNVD", "id": "CNNVD-200502-008" }, { "db": "NVD", "id": "CVE-2005-0175" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apache:http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:bea:weblogic_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:websphere_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:squid-cache:squid", "vulnerable": true }, { "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:microsoft:iis", "vulnerable": true }, { "cpe22Uri": "cpe:/a:microsoft:internet_explorer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:microsoft:isa_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:microsoft:windows_server_2003", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux", "vulnerable": true }, { "cpe22Uri": 
"cpe:/o:redhat:linux", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2004-000066" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The individual or individuals responsible for the discovery of this issue are currently unknown; the vendor disclosed this issue.", "sources": [ { "db": "BID", "id": "12433" } ], "trust": 0.3 }, "cve": "CVE-2005-0175", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2005-0175", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2005-0175", "trust": 1.0, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#768702", "trust": 0.8, "value": "10.08" }, { "author": "CARNEGIE MELLON", "id": "VU#625878", "trust": 0.8, "value": "7.50" }, { "author": "NVD", "id": "CVE-2005-0175", "trust": 0.8, "value": "Medium" }, { "author": 
"CNNVD", "id": "CNNVD-200502-008", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#768702" }, { "db": "CERT/CC", "id": "VU#625878" }, { "db": "JVNDB", "id": "JVNDB-2004-000066" }, { "db": "CNNVD", "id": "CNNVD-200502-008" }, { "db": "NVD", "id": "CVE-2005-0175" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack. Multiple interconnected devices process valid HTTP request headers inconsistently and in this may manner may allow a remote attacker to poison a cache, conduct cross-site scripting attacks, and hijack user sessions. Some HTTP handling devices are vulnerable to a flaw which may allow a specially crafted request to elicit multiple responses, some of which may be controlled by the attacker. These attacks may result in cache poisoning, information leakage, cross-site scripting, and other outcomes. plural HTTP The server (1) HTTP Line feed code in request (CR/LF) Vulnerability that headers can be divided in server responses due to improper handling of (2) There is a vulnerability that recognizes the second half of the divided header included in the first request as a response to the second request under certain conditions.An arbitrary script may be executed on the user\u0027s browser. This issue results from insufficient sanitization of user-supplied data. \nSquid versions 2.5 and earlier are reported prone to this issue. A paper (Divide and Conquer - HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Topics) was released to describe various attacks that target web users through web application, browser, web/application server and proxy implementations. 
\nExploitation would occur by injecting variations of CR/LF sequences into parts of HTTP response headers that the attacker may control or influence. The general consequences of exploitation are that an attacker may misrepresent web content to the client, potentially enticing the user to trust the content and take actions based on this false trust. \nWhile the various implementations listed in the paper contribute to these attacks, this issue will most likely be exposed through web applications that do not properly account for CR/LF sequences when accepting user-supplied input that may be returned in server responses. \nThis vulnerability could also aid in exploitation of cross-site scripting vulnerabilities. This issue is due to a failure of the affected proxy to handle CR/LF characters in HTTP requests. This may facilitate man-in-the-middle attacks as well as others. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- --------------------------------------------------------------------------\nDebian Security Advisory DSA 667-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nFebruary 4th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : squid\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE IDs : CAN-2005-0173 CAN-2005-0175 CAN-2005-0194 CAN-2005-0211\n\nSeveral vulnerabilities have been discovered in Squid, the internet\nobject cache, the popular WWW proxy cache. The Common Vulnerabilities\nand Exposures project identifies the following vulnerabilities:\n\nCAN-2005-0173\n\n LDAP is very forgiving about spaces in search filters and this\n could be abused to log in using several variants of the login\n name, possibly bypassing explicit access controls or confusing\n accounting. \n\nCAN-2005-0211\n\n The length argument of the WCCP recvfrom() call is larger than it\n should be. 
An attacker may send a larger than normal WCCP packet\n that could overflow a buffer. \n\nFor the stable distribution (woody) these problems have been fixed in\nversion 2.4.6-2woody6. \n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 2.5.7-7. \n\nWe recommend that you upgrade your squid package. \n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n
These files will probably be moved into the stable distribution on\n its next update. \n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show \u003cpkg\u003e\u0027 and http://packages.debian.org/\u003cpkg\u003e\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.5 (GNU/Linux)\n\niD8DBQFCA6RvW5ql+IAeqTIRArERAJ9RzG0Oko2BOd4TdCmy066szqDWygCfdWjV\nR0Sv6Ly/9lV7nT/fQbPRyv8=\n=LwDu\n-----END PGP SIGNATURE-----\n\n. ---------------------------------------------------------------------\n Fedora Legacy Update Advisory\n\nSynopsis: Updated squid package fixes security issues\nAdvisory ID: FLSA:152809\nIssue date: 2006-02-18\nProduct: Red Hat Linux, Fedora Core\nKeywords: Bugfix\nCVE Names: CVE-2004-0541 CVE-2004-0832 CVE-2004-0918\n CVE-2005-0094 CVE-2005-0095 CVE-2005-0096\n CVE-2005-0097 CVE-2005-0173 CVE-2005-0174\n CVE-2005-0175 CVE-2005-0194 CVE-2005-0211\n CVE-2005-0241 CVE-2005-0446 CVE-2005-0626\n CVE-2005-0718 CVE-2005-1345 CVE-1999-0710\n CVE-2005-1519 CVE-2004-2479 CVE-2005-2794\n CVE-2005-2796 CVE-2005-2917\n\n---------------------------------------------------------------------\n\n\n---------------------------------------------------------------------\n1. Topic:\n\nAn updated Squid package that fixes several security issues is now\navailable. \n\n2. Relevant releases/architectures:\n\nRed Hat Linux 7.3 - i386\nRed Hat Linux 9 - i386\nFedora Core 1 - i386\nFedora Core 2 - i386\n\n3. 
Problem description:\n\nA buffer overflow was found within the NTLM authentication helper\nroutine. If Squid is configured to use the NTLM authentication helper,\na remote attacker could potentially execute arbitrary code by sending a\nlengthy password. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2004-0541 to this issue. \n\nAn out of bounds memory read bug was found within the NTLM\nauthentication helper routine. If Squid is configured to use the NTLM\nauthentication helper, a remote attacker could send a carefully crafted\nNTLM authentication packet and cause Squid to crash. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2004-0832 to this issue. \n\niDEFENSE reported a flaw in the squid SNMP module. This flaw could allow\nan attacker who has the ability to send arbitrary packets to the SNMP\nport to restart the server, causing it to drop all open connections. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CVE-2004-0918 to this issue. \n\nA buffer overflow flaw was found in the Gopher relay parser. Although Gopher servers are now quite rare, a malicious\nweb page (for example) could redirect or contain a frame pointing to an\nattacker\u0027s malicious gopher server. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CVE-2005-0094 to\nthis issue. \n\nAn integer overflow flaw was found in the WCCP message parser. It is\npossible to crash the Squid server if an attacker is able to send a\nmalformed WCCP message with a spoofed source address matching Squid\u0027s\n\"home router\". The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2005-0095 to this issue. \n\nA memory leak was found in the NTLM fakeauth_auth helper. 
It is possible\nthat an attacker could place the Squid server under high load, causing\nthe NTLM fakeauth_auth helper to consume a large amount of memory,\nresulting in a denial of service. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CVE-2005-0096 to\nthis issue. \n\nA NULL pointer de-reference bug was found in the NTLM fakeauth_auth\nhelper. It is possible for an attacker to send a malformed NTLM type 3\nmessage, causing the Squid server to crash. The Common Vulnerabilities\nand Exposures project (cve.mitre.org) has assigned the name\nCVE-2005-0097 to this issue. \n\nA username validation bug was found in squid_ldap_auth. It is possible\nfor a username to be padded with spaces, which could allow a user to\nbypass explicit access control rules or confuse accounting. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-0173 to this issue. \n\nThe way Squid handles HTTP responses was found to need strengthening. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the names CVE-2005-0174\nand CVE-2005-0175 to these issues. \n\nWhen processing the configuration file, Squid parses empty Access\nControl Lists (ACLs) and proxy_auth ACLs without defined auth schemes in\na way that effectively removes arguments, which could allow remote\nattackers to bypass intended ACLs. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CVE-2005-0194 to\nthis issue. \n\nA buffer overflow bug was found in the WCCP message parser. It is\npossible that an attacker could send a malformed WCCP message which\ncould crash the Squid server or execute arbitrary code. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-0211 to this issue. \n\nA bug was found in the way Squid handled oversized HTTP response\nheaders. 
It is possible that a malicious web server could send a\nspecially crafted HTTP header which could cause the Squid cache to be\npoisoned, presenting users with incorrect webpages. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-0241 to this issue. \n\nA bug was found in the way Squid handles FQDN lookups. It was possible\nto crash the Squid server by sending a carefully crafted DNS response to\nan FQDN lookup. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2005-0446 to this issue. \n\nA race condition bug was found in the way Squid handles the now obsolete\nSet-Cookie header. It is possible that Squid can leak Set-Cookie header\ninformation to other clients connecting to Squid. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-0626 to this issue. \n\nA bug was found in the way Squid handles PUT and POST requests. It is\npossible for an authorised remote user to cause a failed PUT or POST\nrequest which can cause Squid to crash. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CVE-2005-0718 to\nthis issue. \n\nA bug was found in the way Squid processes errors in the access control\nlist. It is possible that an error in the access control list could give\nusers more access than intended. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CVE-2005-1345 to\nthis issue. \n\nA bug was found in the way Squid handles access to the cachemgr.cgi\nscript. It is possible for an authorised remote user to bypass access\ncontrol lists with this flaw. The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CVE-1999-0710 to this\nissue. \n\nA bug was found in the way Squid handles DNS replies. 
If the port Squid\nuses for DNS requests is not protected by a firewall it is possible for\na remote attacker to spoof DNS replies, possibly redirecting a user to\nspoofed or malicious content. The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CVE-2005-1519 to this\nissue. \n\nA bug was found in the way Squid displays error messages. A remote\nattacker could submit a request containing an invalid hostname which\nwould result in Squid displaying a previously used error message. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CVE-2004-2479 to this issue. \n\nTwo denial of service bugs were found in the way Squid handles malformed\nrequests. A remote attacker could submit a specially crafted request to\nSquid that would cause the server to crash. The Common Vulnerabilities\nand Exposures project (cve.mitre.org) has assigned the names\nCVE-2005-2794 and CVE-2005-2796 to these issues. \n\nA bug was found in the way Squid handles certain request sequences while\nperforming NTLM authentication. It is possible for an attacker to cause\nSquid to crash. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2005-2917 to this issue. \n\nUsers of Squid should upgrade to this updated package, which contains\nbackported patches, and is not vulnerable to these issues. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which\nare not installed but included in the list will not be updated. Note\nthat you can also use wildcards (*.rpm) if your current directory *only*\ncontains the desired RPMs. \n\nPlease note that this update is also available via yum and apt. 
Many\npeople find this an easier way to apply updates. To use yum issue:\n\nyum update\n\nor to use apt:\n\napt-get update; apt-get upgrade\n\nThis will start an interactive process that will result in the\nappropriate RPMs being upgraded on your system. This assumes that you\nhave yum or apt-get configured for obtaining Fedora Legacy content. \nPlease visit http://www.fedoralegacy.org/docs for directions on how to\nconfigure yum and apt-get. \n\n5. Bug IDs fixed:\n\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152809\n\n6. RPMs required:\n\nRed Hat Linux 7.3:\nSRPM:\nhttp://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/squid-2.4.STABLE7-0.73.3.legacy.src.rpm\n\ni386:\nhttp://download.fedoralegacy.org/redhat/7.3/updates/i386/squid-2.4.STABLE7-0.73.3.legacy.i386.rpm\n\nRed Hat Linux 9:\n\nSRPM:\nhttp://download.fedoralegacy.org/redhat/9/updates/SRPMS/squid-2.5.STABLE1-9.10.legacy.src.rpm\n\ni386:\nhttp://download.fedoralegacy.org/redhat/9/updates/i386/squid-2.5.STABLE1-9.10.legacy.i386.rpm\n\nFedora Core 1:\n\nSRPM:\nhttp://download.fedoralegacy.org/fedora/1/updates/SRPMS/squid-2.5.STABLE3-2.fc1.6.legacy.src.rpm\n\ni386:\nhttp://download.fedoralegacy.org/fedora/1/updates/i386/squid-2.5.STABLE3-2.fc1.6.legacy.i386.rpm\n\nFedora Core 2:\n\nSRPM:\nhttp://download.fedoralegacy.org/fedora/2/updates/SRPMS/squid-2.5.STABLE9-1.FC2.4.legacy.src.rpm\n\ni386:\nhttp://download.fedoralegacy.org/fedora/2/updates/i386/squid-2.5.STABLE9-1.FC2.4.legacy.i386.rpm\n\n\n7. 
Verification:\n\nThese packages are GPG signed by Fedora Legacy for security. Our key is\navailable from http://www.fedoralegacy.org/about/security.php\n\nYou can verify each package with the following command:\n\n rpm --checksig -v \u003cfilename\u003e\n\nIf you only wish to verify that each package has not been corrupted or\ntampered with, examine only the sha1sum with the following command:\n\n sha1sum \u003cfilename\u003e\n\n8. 
References:\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0541\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0832\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0918\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0094\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0095\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0096\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0097\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0173\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0174\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0175\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0194\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0211\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0241\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0446\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0626\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0718\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1345\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0710\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1519\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2479\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2794\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2796\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2917\n\n9. Contact:\n\nThe Fedora Legacy security contact is \u003csecnotice@fedoralegacy.org\u003e. 
More\nproject details at http://www.fedoralegacy.org\n\n---------------------------------------------------------------------\n", "sources": [ { "db": "NVD", "id": "CVE-2005-0175" }, { "db": "CERT/CC", "id": "VU#768702" }, { "db": "CERT/CC", "id": "VU#625878" }, { "db": "JVNDB", "id": "JVNDB-2004-000066" }, { "db": "BID", "id": "12433" }, { "db": "BID", "id": "9804" }, { "db": "BID", "id": "13435" }, { "db": "PACKETSTORM", "id": "36038" }, { "db": "PACKETSTORM", "id": "44000" } ], "trust": 4.05 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#625878", "trust": 3.2 }, { "db": "NVD", "id": "CVE-2005-0175", "trust": 2.9 }, { "db": "BID", "id": "12433", "trust": 2.7 }, { "db": "BID", "id": "9804", "trust": 1.1 }, { "db": "BID", "id": "13435", "trust": 1.1 }, { "db": "CERT/CC", "id": "VU#768702", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2004-000066", "trust": 0.8 }, { "db": "SUSE", "id": "SUSE-SA:2005:006", "trust": 0.6 }, { "db": "BUGTRAQ", "id": "20050207 [USN-77-1] SQUID VULNERABILITIES", "trust": 0.6 }, { "db": "FEDORA", "id": "FLSA-2006:152809", "trust": 0.6 }, { "db": "FEDORA", "id": "FEDORA-2005-373", "trust": 0.6 }, { "db": "MANDRAKE", "id": "MDKSA-2005:034", "trust": 0.6 }, { "db": "CONECTIVA", "id": "CLA-2005:931", "trust": 0.6 }, { "db": "DEBIAN", "id": "DSA-667", "trust": 0.6 }, { "db": "REDHAT", "id": "RHSA-2005:061", "trust": 0.6 }, { "db": "REDHAT", "id": "RHSA-2005:060", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200502-008", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "36038", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "44000", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#768702" }, { "db": "CERT/CC", "id": "VU#625878" }, { "db": "BID", "id": "12433" }, { "db": "BID", "id": "9804" }, { "db": "BID", "id": 
"13435" }, { "db": "JVNDB", "id": "JVNDB-2004-000066" }, { "db": "PACKETSTORM", "id": "36038" }, { "db": "PACKETSTORM", "id": "44000" }, { "db": "CNNVD", "id": "CNNVD-200502-008" }, { "db": "NVD", "id": "CVE-2005-0175" } ] }, "id": "VAR-200502-0104", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-11-23T19:41:24.506000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APAR PQ91361", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24007466" }, { "title": "APAR PQ90505", "trust": 0.8, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24007467" }, { "title": "si-040819a", "trust": 0.8, "url": "https://www-6.ibm.com/jp/services/security/secinfo/si-040819a.html" }, { "title": "RHSA-2005:061", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2005-061.html" }, { "title": "RHSA-2005:060", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2005-060.html" }, { "title": "squid-2.5.STABLE7-response_splitting", "trust": 0.8, "url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/index.html#squid-2.5.STABLE7-response_splitting" }, { "title": "SQUID-2005_5", "trust": 0.8, "url": "http://www.squid-cache.org/Advisories/SQUID-2005_5.txt" }, { "title": "TLSA-2005-24", "trust": 0.8, "url": "http://www.turbolinux.com/security/2005/TLSA-2005-24.txt" }, { "title": "RHSA-2005:060", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2005-060J.html" }, { "title": "RHSA-2005:061", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2005-061J.html" }, { "title": "TLSA-2005-24", 
"trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2005/TLSA-2005-24j.txt" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2004-000066" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2005-0175" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.securityfocus.com/bid/12433" }, { "trust": 2.4, "url": "http://www.kb.cert.org/vuls/id/625878" }, { "trust": 1.9, "url": "http://www.squid-cache.org/versions/v2/2.5/bugs/#squid-2.5.stable7-response_splitting" }, { "trust": 1.9, "url": "http://www.squid-cache.org/advisories/squid-2005_5.txt" }, { "trust": 1.6, "url": "http://www.redhat.com/support/errata/rhsa-2005-061.html" }, { "trust": 1.6, "url": "http://www.redhat.com/support/errata/rhsa-2005-060.html" }, { "trust": 1.6, "url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html" }, { "trust": 1.6, "url": "http://www.debian.org/security/2005/dsa-667" }, { "trust": 1.6, "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931" }, { "trust": 1.6, "url": "http://www.redhat.com/archives/fedora-announce-list/2005-may/msg00025.html" }, { "trust": 1.6, "url": "http://www.mandriva.com/security/advisories?name=mdksa-2005:034" }, { "trust": 1.6, "url": "http://fedoranews.org/updates/fedora--.shtml" }, { "trust": 1.0, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11605" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2" }, { "trust": 0.9, "url": 
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0175" }, { "trust": 0.8, "url": "https://www.watchfire.com/securearea/whitepapers.aspx?id=8" }, { "trust": 0.8, "url": "http://www.watchfire.com/resources/http-request-smuggling.pdf" }, { "trust": 0.8, "url": "http://www.squid-cache.org/advisories/squid-2005_4.txt" }, { "trust": 0.8, "url": "http://www.microsoft.com/technet/security/bulletin/ms05-034.mspx" }, { "trust": 0.8, "url": "http://docs.info.apple.com/article.html?artnum=306172" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu%23625878" }, { "trust": 0.8, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-0175" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/13435" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/9804" }, { "trust": 0.6, "url": "http://www.squid-cache.org/" }, { "trust": 0.6, "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=110780531820947\u0026w=2" }, { "trust": 0.3, "url": "http://www.squid-cache.org/versions/v2/2.5/bugs/#squid-2.5.stable7-header_parsing" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2005-061.html" }, { "trust": 0.3, "url": "http://www.astaro.org/showflat.php?cat=\u0026number=56136\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#56136" }, { "trust": 0.3, "url": "http://www.sanctuminc.com/pdf/whitepaper_httpresponse.pdf" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_i386.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_powerpc.deb" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2005-0173" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_powerpc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_mipsel.deb" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": 
"http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_sparc.deb" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2005-0211" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_i386.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_mips.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_sparc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_mipsel.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_s390.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_alpha.deb" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2005-0194" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6.dsc" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_m68k.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6.diff.gz" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_alpha.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_mips.deb" }, { "trust": 0.1, "url": 
"http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_m68k.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_powerpc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_s390.deb" }, { "trust": 0.1, "url": "http://packages.debian.org/\u003cpkg\u003e" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_i386.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_m68k.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_mipsel.deb" }, { "trust": 0.1, "url": "http://security.debian.org/" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_s390.deb" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2005-0175" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_alpha.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_sparc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_hppa.deb" }, { "trust": 0.1, "url": 
"http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_mips.deb" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0541" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0241" }, { "trust": 0.1, "url": "http://download.fedoralegacy.org/redhat/9/updates/i386/squid-2.5.stable1-9.10.legacy.i386.rpm" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0096" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2917" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-1345" }, { "trust": 0.1, "url": "http://download.fedoralegacy.org/redhat/7.3/updates/srpms/squid-2.4.stable7-0.73.3.legacy.src.rpm" }, { "trust": 0.1, "url": "http://download.fedoralegacy.org/redhat/7.3/updates/i386/squid-2.4.stable7-0.73.3.legacy.i386.rpm" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0718" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0626" }, { "trust": 0.1, "url": "http://download.fedoralegacy.org/redhat/9/updates/srpms/squid-2.5.stable1-9.10.legacy.src.rpm" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152809" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-1999-0710" }, { "trust": 0.1, "url": "http://download.fedoralegacy.org/fedora/1/updates/srpms/squid-2.5.stable3-2.fc1.6.legacy.src.rpm" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0211" }, { "trust": 0.1, "url": "http://www.fedoralegacy.org/about/security.php" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0174" }, { "trust": 0.1, "url": "http://download.fedoralegacy.org/fedora/2/updates/i386/squid-2.5.stable9-1.fc2.4.legacy.i386.rpm" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0094" }, { "trust": 0.1, "url": 
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-1519" }, { "trust": 0.1, "url": "http://download.fedoralegacy.org/fedora/1/updates/i386/squid-2.5.stable3-2.fc1.6.legacy.i386.rpm" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0173" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0194" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2796" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0095" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-2479" }, { "trust": 0.1, "url": "http://www.fedoralegacy.org" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0918" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0097" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0832" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2794" }, { "trust": 0.1, "url": "http://www.fedoralegacy.org/docs" }, { "trust": 0.1, "url": "http://download.fedoralegacy.org/fedora/2/updates/srpms/squid-2.5.stable9-1.fc2.4.legacy.src.rpm" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0446" } ], "sources": [ { "db": "CERT/CC", "id": "VU#768702" }, { "db": "CERT/CC", "id": "VU#625878" }, { "db": "BID", "id": "12433" }, { "db": "BID", "id": "9804" }, { "db": "BID", "id": "13435" }, { "db": "JVNDB", "id": "JVNDB-2004-000066" }, { "db": "PACKETSTORM", "id": "36038" }, { "db": "PACKETSTORM", "id": "44000" }, { "db": "CNNVD", "id": "CNNVD-200502-008" }, { "db": "NVD", "id": "CVE-2005-0175" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#768702" }, { "db": "CERT/CC", "id": "VU#625878" }, { "db": "BID", "id": "12433" }, { "db": "BID", "id": "9804" }, { "db": "BID", 
"id": "13435" }, { "db": "JVNDB", "id": "JVNDB-2004-000066" }, { "db": "PACKETSTORM", "id": "36038" }, { "db": "PACKETSTORM", "id": "44000" }, { "db": "CNNVD", "id": "CNNVD-200502-008" }, { "db": "NVD", "id": "CVE-2005-0175" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2005-02-04T00:00:00", "db": "CERT/CC", "id": "VU#768702" }, { "date": "2005-02-04T00:00:00", "db": "CERT/CC", "id": "VU#625878" }, { "date": "2005-02-02T00:00:00", "db": "BID", "id": "12433" }, { "date": "2004-03-04T00:00:00", "db": "BID", "id": "9804" }, { "date": "2005-04-23T00:00:00", "db": "BID", "id": "13435" }, { "date": "2007-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2004-000066" }, { "date": "2005-02-06T05:17:53", "db": "PACKETSTORM", "id": "36038" }, { "date": "2006-02-20T20:39:21", "db": "PACKETSTORM", "id": "44000" }, { "date": "2005-02-07T00:00:00", "db": "CNNVD", "id": "CNNVD-200502-008" }, { "date": "2005-02-07T05:00:00", "db": "NVD", "id": "CVE-2005-0175" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-03-05T00:00:00", "db": "CERT/CC", "id": "VU#768702" }, { "date": "2007-08-08T00:00:00", "db": "CERT/CC", "id": "VU#625878" }, { "date": "2007-02-22T02:16:00", "db": "BID", "id": "12433" }, { "date": "2004-03-04T00:00:00", "db": "BID", "id": "9804" }, { "date": "2005-04-23T00:00:00", "db": "BID", "id": "13435" }, { "date": "2007-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2004-000066" }, { "date": "2005-10-20T00:00:00", "db": "CNNVD", "id": "CNNVD-200502-008" }, { "date": "2024-11-20T23:54:33.840000", "db": "NVD", "id": "CVE-2005-0175" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": 
"network", "sources": [ { "db": "BID", "id": "12433" }, { "db": "BID", "id": "9804" }, { "db": "BID", "id": "13435" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple devices process HTTP requests inconsistently", "sources": [ { "db": "CERT/CC", "id": "VU#768702" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Input Validation Error", "sources": [ { "db": "BID", "id": "12433" }, { "db": "BID", "id": "9804" }, { "db": "BID", "id": "13435" } ], "trust": 0.9 } }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.