CVE-2005-0174

Sažetak

Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters.

Reference

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931
http://fedoranews.org/updates/FEDORA--.shtml
http://marc.info/?l=bugtraq&m=110780531820947&w=2
http://www.kb.cert.org/vuls/id/768702
http://www.mandriva.com/security/advisories?name=MDKSA-2005:034
http://www.novell.com/linux/security/advisories/2005_06_squid.html
http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html
http://www.redhat.com/support/errata/RHSA-2005-060.html
http://www.redhat.com/support/errata/RHSA-2005-061.html
http://www.securityfocus.com/bid/12412
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing
http://www3.br.squid-cache.org/Advisories/SQUID-2005_4.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10656

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

11-10-2017 - 01:29

Objavljeno

07-02-2005 - 05:00