| Vulnerability Name: | CVE-2005-0626 (CCN-19581) | ||||||||||||||||
| Assigned: | 2005-03-02 | ||||||||||||||||
| Published: | 2005-03-02 | ||||||||||||||||
| Updated: | 2018-10-03 | ||||||||||||||||
| Summary: | Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies. | ||||||||||||||||
| CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||||||||||
| CVSS v2 Severity: | 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
| ||||||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2005-0626 Source: FEDORA Type: UNKNOWN FLSA-2006:152809 Source: CCN Type: RHSA-2005-415 squid security update Source: REDHAT Type: UNKNOWN RHSA-2005:415 Source: BID Type: UNKNOWN 12716 Source: CCN Type: BID-12716 Squid Proxy Set-Cookie Headers Information Disclosure Vulnerability Source: CCN Type: Squid Web Proxy Cache Web page Squid Web Proxy Cache Source: CCN Type: Squid 2.5 Patches Web page Race condition related to Set-Cookie header Source: CONFIRM Type: Vendor Advisory http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-setcookie Source: CCN Type: TLSA-2005-71 Multiple vulnerabilities exist in squid Source: CCN Type: USN-93-1 Squid vulnerability Source: XF Type: UNKNOWN squid-set-cookie-race-condition(19581) Source: XF Type: UNKNOWN squid-set-cookie-race-condition(19581) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:11169 Source: UBUNTU Type: UNKNOWN USN-93-1 | ||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||
| Oval Definitions | |||||||||||||||||
| |||||||||||||||||
| BACK | |||||||||||||||||