Oval Definition:	oval:org.mitre.oval:def:10998
Revision Date: 2013-04-29 Version: 11 Title: Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack. Description: The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size. Family: unix Class: vulnerability Status: ACCEPTED Reference(s): CVE-2005-0241 Platform(s): CentOS Linux 3 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 Product(s): Definition Synopsis OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 OR CentOS Linux 3.x AND squid is earlier than 7:2.5.STABLE3-6.3E.7 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 OR CentOS Linux 4.x OR Oracle Linux 4.x AND squid is earlier than 7:2.5.STABLE6-3.4E.3
BACK