Vulnerability Note VU#823350
Squid fails to properly handle oversized reply headers
The Squid web proxy cache may be vulnerable to oversized HTTP reply headers.
Squid functions as a web proxy and cache application for a number of protocols, including the hypertext transfer protocol (HTTP). A defect in the Squid HTTP handling prevents oversized reply headers relating to an HTTP protocol mismatch from being handled properly.
The complete impact of this vulnerability is not yet known. This vulnerability is platform independent.
Apply an update
Administrators should obtain an updated version of Squid from their vendor.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Squid||Affected||-||04 Feb 2005|
CVSS Metrics (Learn More)
Thanks to Team Squid for reporting this vulnerability, who in turn credit Marc Elsen for finding the flaw.
This document was written by Ken MacInnis based primarily on information provided by Team Squid.
- CVE IDs: Unknown
- Date Public: 31 Jan 2005
- Date First Published: 04 Feb 2005
- Date Last Updated: 07 Feb 2005
- Severity Metric: 1.20
- Document Revision: 17
If you have feedback, comments, or additional information about this vulnerability, please send us email.