CVE-2005-0241
Published May 2, 2005
Last updated 7 years ago
Overview
- Description
- The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.
- Source
- security@debian.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B"
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39"
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6"
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5"
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88"
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9"
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767"
}
],
"operator": "OR"
}
]
}
]