Lucene search

K

DebianCVELIST:CVE-2005-0241

HistoryFeb 08, 2005 - 5:00 a.m.

CVE-2005-0241

2005-02-0805:00:00

debian

www.cve.org

12

AI Score

6.3

Confidence

Low

EPSS

0.965

Percentile

99.6%

The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling “oversized” HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.

References

distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931

fedoranews.org/updates/FEDORA--.shtml

secunia.com/advisories/14091

www.kb.cert.org/vuls/id/823350

www.novell.com/linux/security/advisories/2005_06_squid.html

www.redhat.com/support/errata/RHSA-2005-060.html

www.redhat.com/support/errata/RHSA-2005-061.html

www.securityfocus.com/bid/12412

www.squid-cache.org/bugs/show_bug.cgi?id=1216

www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers

www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch

exchange.xforce.ibmcloud.com/vulnerabilities/19060

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10998

AI Score

6.3

Confidence

Low

EPSS

0.965

Percentile

99.6%

Related for CVELIST:CVE-2005-0241

debiancve1 openvas6 freebsd1 cert1 cve1 checkpoint_advisories1 nessus6 nvd1 ubuntucve1 suse2 redhat2