CVE-2005-0241

Sažetak

The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.

Reference

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931
http://fedoranews.org/updates/FEDORA--.shtml
http://secunia.com/advisories/14091
http://www.kb.cert.org/vuls/id/823350
http://www.novell.com/linux/security/advisories/2005_06_squid.html
http://www.redhat.com/support/errata/RHSA-2005-060.html
http://www.redhat.com/support/errata/RHSA-2005-061.html
http://www.securityfocus.com/bid/12412
http://www.squid-cache.org/bugs/show_bug.cgi?id=1216
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/19060
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10998

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

11-10-2017 - 01:29

Objavljeno

02-05-2005 - 04:00