5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.965 High
EPSS
Percentile
99.6%
The Squid web proxy cache may be vulnerable to oversized HTTP reply headers.
Squid functions as a web proxy and cache application for a number of protocols, including the hypertext transfer protocol (HTTP). A defect in the Squid HTTP handling prevents oversized reply headers relating to an HTTP protocol mismatch from being handled properly.
The complete impact of this vulnerability is not yet known. This vulnerability is platform independent.
Apply an update
Administrators should obtain an updated version of Squid from their vendor.
Team Squid has created a patch for the current release version of Squid: squid-2.5.STABLE7-oversize_reply_headers.patch
This flaw has been patched in Squid 2.5.STABLE8-RC4. More details are available in the Squid Bugzilla bug #1216.
823350
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: February 04, 2005
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Team Squid has created a patch for the current release version of Squid: squid-2.5.STABLE7-oversize_reply_headers.patch
This flaw has been patched in Squid 2.5.STABLE8-RC4. More details are available in the Squid Bugzilla bug #1216.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23823350 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to Team Squid for reporting this vulnerability, who in turn credit Marc Elsen for finding the flaw.
This document was written by Ken MacInnis based primarily on information provided by Team Squid.
CVE IDs: | CVE-2005-0241 |
---|---|
Severity Metric: | 1.20 Date Public: |