CVE-2005-0241

7 documents7 sources

Severity

5.0MEDIUM

EPSS

86.2%

top 0.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Squid Squid

Timeline

PublishedMay 2

Latest updateMay 1

Description

The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debiansquid< 2.5.7-7+3

▶NVDsquid/squid7 versions+6

Patches

Patch: distro.conectiva.com.br ↗Patch: www.kb.cert.org ↗Patch: www.novell.com ↗

🔴Vulnerability Details

GHSA

GHSA-7q73-vrf9-vhjw: The httpProcessReplyHeader function in http↗2022-05-01

▶

OSV

CVE-2005-0241: The httpProcessReplyHeader function in http↗2005-05-02

▶

CVEList

CVE-2005-0241: The httpProcessReplyHeader function in http↗2005-02-08

▶

📋Vendor Advisories

Red Hat

security flaw↗2005-01-31

▶

Debian

CVE-2005-0241: squid - The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier ...↗2005

▶

💬Community

Bugzilla

CVE-2005-0241 security flaw↗2018-08-16

▶