Vulnerability Note VU#823350
Squid fails to properly handle oversized reply headers
Overview
The Squid web proxy cache may be vulnerable to oversized HTTP reply headers.
Description
Squid functions as a web proxy and cache application for a number of protocols, including the hypertext transfer protocol (HTTP). A defect in the Squid HTTP handling prevents oversized reply headers relating to an HTTP protocol mismatch from being handled properly. |
Impact
The complete impact of this vulnerability is not yet known. This vulnerability is platform independent. |
Solution
Apply an update Administrators should obtain an updated version of Squid from their vendor. |
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Squid | Affected | - | 04 Feb 2005 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers
- http://www.squid-cache.org/bugs/show_bug.cgi?id=1216
- http://secunia.com/advisories/14091/
Credit
Thanks to Team Squid for reporting this vulnerability, who in turn credit Marc Elsen for finding the flaw.
This document was written by Ken MacInnis based primarily on information provided by Team Squid.
Other Information
- CVE IDs: Unknown
- Date Public: 31 Jan 2005
- Date First Published: 04 Feb 2005
- Date Last Updated: 07 Feb 2005
- Severity Metric: 1.20
- Document Revision: 17
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.