Vulnerability CVE-2005-0241

Vulnerability Name:

CVE-2005-0241 (CCN-20334)

Assigned:

2005-01-31

Published:

2005-01-31

Updated:

2017-10-11

Summary:

The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Other

References:

Source: CCN
Type: SGI Security Advisory 20050207-01-U
SGI Advanced Linux Environment 3 Security Update #27

Source: MITRE
Type: CNA
CVE-2005-0241

Source: CONECTIVA
Type: Patch
CLA-2005:931

Source: FEDORA
Type: UNKNOWN
FLSA-2006:152809

Source: CCN
Type: RHSA-2005-060
squid security update

Source: CCN
Type: RHSA-2005-061
squid security update

Source: CCN
Type: SA14091
Squid Oversized Reply Header Handling Security Issue

Source: SECUNIA
Type: UNKNOWN
14091

Source: CCN
Type: CIAC INFORMATION BULLETIN P-138
Updated Squid Package Fixes Security Issues

Source: CCN
Type: US-CERT VU#823350
Squid fails to properly handle oversized reply headers

Source: CERT-VN
Type: Patch, Third Party Advisory, US Government Resource
VU#823350

Source: SUSE
Type: Patch, Vendor Advisory
SUSE-SA:2005:006

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2005:060

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2005:061

Source: BID
Type: UNKNOWN
12412

Source: CCN
Type: BID-12412
Squid Proxy Oversize HTTP Headers Unspecified Remote Vulnerability

Source: CCN
Type: Squid Web Proxy Cache
Squid Web Proxy Cache Home page

Source: CONFIRM
Type: Patch
http://www.squid-cache.org/bugs/show_bug.cgi?id=1216

Source: CONFIRM
Type: Patch
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers

Source: CCN
Type: Squid Web Proxy Cache Web site
Squid-2.5 Patches

Source: CONFIRM
Type: Patch
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch

Source: CCN
Type: TLSA-2005-71
Multiple vulnerabilities exist in squid

Source: XF
Type: UNKNOWN
squid-http-cache-poisoning(19060)

Source: XF
Type: UNKNOWN
squid-reply-header(20334)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10998

Source: SUSE
Type: SUSE-SA:2005:006
squid: remote command execution

Source: SUSE
Type: SUSE-SA:2005:008
squid: remote denial of service

Vulnerable Configuration:

Configuration 1:

cpe:/a:squid:squid:2.5.stable1:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5.stable2:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5.stable3:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5.stable4:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5.stable5:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5.stable6:*:*:*:*:*:*:*

OR cpe:/a:squid:squid:2.5.stable7:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:squid-cache:squid:2.5.stable5:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.5.stable7:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.5.stable4:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.5.stable3:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.5.stable1:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.5.stable2:*:*:*:*:*:*:*

AND

cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*

OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20050241	V	CVE-2005-0241	2015-11-16
oval:org.mitre.oval:def:10998	V	Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack.	2013-04-29
oval:com.redhat.rhsa:def:20050060	P	RHSA-2005:060: squid security update (Important)	2005-02-15
oval:com.redhat.rhsa:def:20050061	P	RHSA-2005:061: squid security update (Important)	2005-02-11

BACK