CVE-2005-0241 (GCVE-0-2005-0241)
Vulnerability from cvelistv5
Published
2005-02-08 05:00
Modified
2024-08-07 21:05
Severity ?
CWE
  • n/a
Summary
The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.
References
security@debian.org http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931 Patch
security@debian.org http://fedoranews.org/updates/FEDORA--.shtml
security@debian.org http://secunia.com/advisories/14091
security@debian.org http://www.kb.cert.org/vuls/id/823350 Patch, Third Party Advisory, US Government Resource
security@debian.org http://www.novell.com/linux/security/advisories/2005_06_squid.html Patch, Vendor Advisory
security@debian.org http://www.redhat.com/support/errata/RHSA-2005-060.html Patch, Vendor Advisory
security@debian.org http://www.redhat.com/support/errata/RHSA-2005-061.html Patch, Vendor Advisory
security@debian.org http://www.securityfocus.com/bid/12412
security@debian.org http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers Patch
security@debian.org http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch Patch
security@debian.org http://www.squid-cache.org/bugs/show_bug.cgi?id=1216 Patch
security@debian.org https://exchange.xforce.ibmcloud.com/vulnerabilities/19060
security@debian.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10998
af854a3a-2127-422b-91ae-364da2661108 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931 Patch
af854a3a-2127-422b-91ae-364da2661108 http://fedoranews.org/updates/FEDORA--.shtml
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/14091
af854a3a-2127-422b-91ae-364da2661108 http://www.kb.cert.org/vuls/id/823350 Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/2005_06_squid.html Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-060.html Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-061.html Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/12412
af854a3a-2127-422b-91ae-364da2661108 http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers Patch
af854a3a-2127-422b-91ae-364da2661108 http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch Patch
af854a3a-2127-422b-91ae-364da2661108 http://www.squid-cache.org/bugs/show_bug.cgi?id=1216 Patch
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/19060
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10998
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:05:25.387Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "14091",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/14091"
          },
          {
            "name": "VU#823350",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/823350"
          },
          {
            "name": "12412",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/12412"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1216"
          },
          {
            "name": "oval:org.mitre.oval:def:10998",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10998"
          },
          {
            "name": "FLSA-2006:152809",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://fedoranews.org/updates/FEDORA--.shtml"
          },
          {
            "name": "RHSA-2005:061",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
          },
          {
            "name": "squid-http-cache-poisoning(19060)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19060"
          },
          {
            "name": "CLA-2005:931",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers"
          },
          {
            "name": "SUSE-SA:2005:006",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
          },
          {
            "name": "RHSA-2005:060",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-01-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling \"oversized\" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "14091",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/14091"
        },
        {
          "name": "VU#823350",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/823350"
        },
        {
          "name": "12412",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/12412"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1216"
        },
        {
          "name": "oval:org.mitre.oval:def:10998",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10998"
        },
        {
          "name": "FLSA-2006:152809",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://fedoranews.org/updates/FEDORA--.shtml"
        },
        {
          "name": "RHSA-2005:061",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
        },
        {
          "name": "squid-http-cache-poisoning(19060)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19060"
        },
        {
          "name": "CLA-2005:931",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers"
        },
        {
          "name": "SUSE-SA:2005:006",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
        },
        {
          "name": "RHSA-2005:060",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2005-0241",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling \"oversized\" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "14091",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/14091"
            },
            {
              "name": "VU#823350",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/823350"
            },
            {
              "name": "12412",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/12412"
            },
            {
              "name": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1216",
              "refsource": "CONFIRM",
              "url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1216"
            },
            {
              "name": "oval:org.mitre.oval:def:10998",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10998"
            },
            {
              "name": "FLSA-2006:152809",
              "refsource": "FEDORA",
              "url": "http://fedoranews.org/updates/FEDORA--.shtml"
            },
            {
              "name": "RHSA-2005:061",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
            },
            {
              "name": "squid-http-cache-poisoning(19060)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19060"
            },
            {
              "name": "CLA-2005:931",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931"
            },
            {
              "name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers",
              "refsource": "CONFIRM",
              "url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers"
            },
            {
              "name": "SUSE-SA:2005:006",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
            },
            {
              "name": "RHSA-2005:060",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
            },
            {
              "name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch",
              "refsource": "CONFIRM",
              "url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2005-0241",
    "datePublished": "2005-02-08T05:00:00",
    "dateReserved": "2005-02-08T00:00:00",
    "dateUpdated": "2024-08-07T21:05:25.387Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2005-0241\",\"sourceIdentifier\":\"security@debian.org\",\"published\":\"2005-05-02T04:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling \\\"oversized\\\" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7183658C-0CDE-40B1-B203-8C365193724B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9C73406-9582-40F7-AFD9-7E9D6D94DE39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCE944B8-B660-4FDB-A3F2-81F908329D88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75436484-5FCD-45D3-9262-63301A2024B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8D59FA7-FD38-406A-923F-68297CC4B767\"}]}]}],\"references\":[{\"url\":\"http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931\",\"source\":\"security@debian.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://fedoranews.org/updates/FEDORA--.shtml\",\"source\":\"security@debian.org\"},{\"url\":\"http://secunia.com/advisories/14091\",\"source\":\"security@debian.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/823350\",\"source\":\"security@debian.org\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.novell.com/linux/security/advisories/2005_06_squid.html\",\"source\":\"security@debian.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2005-060.html\",\"source\":\"security@debian.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2005-061.html\",\"source\":\"security@debian.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/12412\",\"source\":\"security@debian.org\"},{\"url\":\"http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers\",\"source\":\"security@debian.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch\",\"source\":\"security@debian.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.squid-cache.org/bugs/show_bug.cgi?id=1216\",\"source\":\"security@debian.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/19060\",\"source\":\"security@debian.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10998\",\"source\":\"security@debian.org\"},{\"url\":\"http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000931\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://fedoranews.org/updates/FEDORA--.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/14091\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/823350\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.novell.com/linux/security/advisories/2005_06_squid.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2005-060.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2005-061.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/12412\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.squid-cache.org/bugs/show_bug.cgi?id=1216\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/19060\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10998\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…

Loading…