Vulnerability Description
The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Squid | Squid | 2.5.stable1 |
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931Patch
- http://fedoranews.org/updates/FEDORA--.shtml
- http://secunia.com/advisories/14091
- http://www.kb.cert.org/vuls/id/823350PatchThird Party AdvisoryUS Government Resource
- http://www.novell.com/linux/security/advisories/2005_06_squid.htmlPatchVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2005-060.htmlPatchVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2005-061.htmlPatchVendor Advisory
- http://www.securityfocus.com/bid/12412
- http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_replPatch
- http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_replyPatch
- http://www.squid-cache.org/bugs/show_bug.cgi?id=1216Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19060
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931Patch
- http://fedoranews.org/updates/FEDORA--.shtml
FAQ
What is CVE-2005-0241?
CVE-2005-0241 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote att...
How severe is CVE-2005-0241?
CVE-2005-0241 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0241?
Check the references section above for vendor advisories and patch information. Affected products include: Squid Squid.