Vulnerability Details : CVE-2005-0241
The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.
Products affected by CVE-2005-0241
- cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-0241
- 95.47%: Probability of exploitation activity in the next 30 days
- ~ 100 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-0241
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST | |
References for CVE-2005-0241
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10998
  404 Not Found
- http://www.squid-cache.org/bugs/show_bug.cgi?id=1216
  404 Not Found. Tags: Patch
- http://www.redhat.com/support/errata/RHSA-2005-060.html
  Support. Tags: Patch; Vendor Advisory
- http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers
  Squid-2.5 Patches. Tags: Patch
- http://www.novell.com/linux/security/advisories/2005_06_squid.html
  404 Page Not Found | SUSE. Tags: Patch; Vendor Advisory
- http://www.securityfocus.com/bid/12412
- http://fedoranews.org/updates/FEDORA--.shtml
  404 Not Found
- http://www.kb.cert.org/vuls/id/823350
  VU#823350 - Squid fails to properly handle oversized reply headers. Tags: Patch; Third Party Advisory; US Government Resource
- http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch
  Tags: Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19060
  Squid Web Proxy Cache HTTP header cache poisoning CVE-2005-0175 Vulnerability Report
- http://www.redhat.com/support/errata/RHSA-2005-061.html
  Support. Tags: Patch; Vendor Advisory
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931
  CONECTIVA | Análises dos Melhores Produtos Online (#10 Melhores). Tags: Patch