CVE-2005-0241 | Vulnerability Database | Aqua Security

The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling oversized HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.

Affected Software

Name	Vendor	Start Version	End Version
Squid	Squid	2.5.stable1 (including)	2.5.stable1 (including)
Squid	Squid	2.5.stable2 (including)	2.5.stable2 (including)
Squid	Squid	2.5.stable3 (including)	2.5.stable3 (including)
Squid	Squid	2.5.stable4 (including)	2.5.stable4 (including)
Squid	Squid	2.5.stable5 (including)	2.5.stable5 (including)
Squid	Squid	2.5.stable6 (including)	2.5.stable6 (including)
Squid	Squid	2.5.stable7 (including)	2.5.stable7 (including)
Red Hat Enterprise Linux 3	RedHat	squid-7:2.5.STABLE3-6.3E.7	*
Red Hat Enterprise Linux 4	RedHat	squid-7:2.5.STABLE6-3.4E.3	*

References

http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931
http://fedoranews.org/updates/FEDORA--.shtml
http://secunia.com/advisories/14091
http://www.kb.cert.org/vuls/id/823350
http://www.novell.com/linux/security/advisories/2005_06_squid.html
http://www.redhat.com/support/errata/RHSA-2005-060.html
http://www.redhat.com/support/errata/RHSA-2005-061.html
http://www.securityfocus.com/bid/12412
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch
http://www.squid-cache.org/bugs/show_bug.cgi?id=1216
https://exchange.xforce.ibmcloud.com/vulnerabilities/19060
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10998

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-0241
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html