CVE-2005-0626

9 documents8 sources

Severity

2.6LOW

EPSS

0.1%

top 74.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Squid Squid

Timeline

PublishedMar 8

Latest updateMay 1

Description

Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies.

CVSS vector

AV:N/AC:H/C:P/I:N/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages2 packages

▶Debiansquid< 2.5.9-2+3

▶NVDsquid/squid2.5.stable5, 2.5.stable6, 2.5.stable7+2

🔴Vulnerability Details

GHSA

GHSA-h49j-p65c-g4qj: Race condition in Squid 2↗2022-05-01

▶

OSV

CVE-2005-0626: Race condition in Squid 2↗2005-03-08

▶

CVEList

CVE-2005-0626: Race condition in Squid 2↗2005-03-03

▶

📋Vendor Advisories

Ubuntu

Squid vulnerability↗2005-03-08

▶

Red Hat

security flaw↗2005-03-02

▶

Debian

CVE-2005-0626: squid - Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-...↗2005

▶

💬Community

Bugzilla

CVE-2005-0626 security flaw↗2018-08-16

▶

Bugzilla

Squid Multiple Vulnerabilities (CVE-2004-0541 CVE-2004-0832 CVE-2004-0918 CVE-2005-0094 CVE-2005-0095 CVE-2005-0096 CVE-2005-0097 CVE-2005-0446 CVE-2005-0626 CVE-2005-0718 CVE-1999-0710 CVE-2005-1345↗2004-10-11

▶