Overview
The Squid web proxy cache may be vulnerable to oversized HTTP reply headers.
Description
Squid functions as a web proxy and cache application for a number of protocols, including the hypertext transfer protocol (HTTP). A defect in the Squid HTTP handling prevents oversized reply headers relating to an HTTP protocol mismatch from being handled properly. |
Impact
The complete impact of this vulnerability is not yet known. This vulnerability is platform independent. |
Solution
Apply an update Administrators should obtain an updated version of Squid from their vendor. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Thanks to Team Squid for reporting this vulnerability, who in turn credit Marc Elsen for finding the flaw.
This document was written by Ken MacInnis based primarily on information provided by Team Squid.
Other Information
| CVE IDs: | CVE-2005-0241 |
| Severity Metric: | 1.20 |
| Date Public: | 2005-01-31 |
| Date First Published: | 2005-02-04 |
| Date Last Updated: | 2005-02-07 21:18 UTC |
| Document Revision: | 19 |