| Revision Date: | 2013-04-29 | Version: | 11 |
| Title: | Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack. |
| Description: | The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size. |
| Family: | unix | Class: | vulnerability |
| Status: | ACCEPTED | Reference(s): | CVE-2005-0241
|
| Platform(s): | CentOS Linux 3
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
| Product(s): | |
| Definition Synopsis |
| OS Section: RHEL3, CentOS3 RHEL3 or CentOS3
The operating system installed on the system is Red Hat Enterprise Linux 3
OR CentOS Linux 3.x
AND squid is earlier than 7:2.5.STABLE3-6.3E.7
OR OS Section: RHEL4, CentOS4, Oracle Linux 4
RHEL4, CentOS4 or Oracle Linux 4
The operating system installed on the system is Red Hat Enterprise Linux 4
OR CentOS Linux 4.x
OR Oracle Linux 4.x
AND squid is earlier than 7:2.5.STABLE6-3.4E.3
|