The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: debian
Published: 2005-02-08T05:00:00
Updated: 2024-08-07T21:05:25.387Z
Reserved: 2005-02-08T00:00:00
Link: CVE-2005-0241
Vulnrichment
No data.
NVD
Status : Modified
Published: 2005-05-02T04:00:00.000
Modified: 2024-11-20T23:54:42.483
Link: CVE-2005-0241
Redhat