Squid fails to properly handle oversized reply headers

2005-02-0400:00:00

www.kb.cert.org

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.965 High

EPSS

Percentile

99.6%

JSON

Overview

The Squid web proxy cache may be vulnerable to oversized HTTP reply headers.

Description

Squid functions as a web proxy and cache application for a number of protocols, including the hypertext transfer protocol (HTTP). A defect in the Squid HTTP handling prevents oversized reply headers relating to an HTTP protocol mismatch from being handled properly.

Impact

The complete impact of this vulnerability is not yet known. This vulnerability is platform independent.

Solution

Apply an update

Administrators should obtain an updated version of Squid from their vendor.

Team Squid has created a patch for the current release version of Squid: squid-2.5.STABLE7-oversize_reply_headers.patch

This flaw has been patched in Squid 2.5.STABLE8-RC4. More details are available in the Squid Bugzilla bug #1216.

Vendor Information

823350

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Squid __ Affected

Updated: February 04, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Team Squid has created a patch for the current release version of Squid: squid-2.5.STABLE7-oversize_reply_headers.patch

This flaw has been patched in Squid 2.5.STABLE8-RC4. More details are available in the Squid Bugzilla bug #1216.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23823350 Feedback>).