CVE-2005-0241 - Secunia.com

CVE Reference: CVE-2005-0241
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2005-0241

Description: The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/19060 SUSE http://www.novell.com/linux/security/advisories/2005_06_squid.html SAID Secunia Advisory: SA14091 REDHAT http://www.redhat.com/support/errata/RHSA-2005-061.html http://www.redhat.com/support/errata/RHSA-2005-060.html OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10998 FEDORA http://fedoranews.org/updates/FEDORA--.shtml CONFIRM http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers http://www.squid-cache.org/bugs/show_bug.cgi?id=1216 CONECTIVA http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931 CERT-VN 823350 BID 12412

Return to the previous page.

Secunia