{"vuid":"VU#823350","idnumber":"823350","name":"Squid fails to properly handle oversized reply headers","keywords":["Squid","oversized reply headers","http protocol"],"overview":"The Squid web proxy cache may be vulnerable to oversized HTTP reply headers.","clean_desc":"Squid functions as a web proxy and cache application for a number of protocols, including the hypertext transfer protocol (HTTP). A defect in the Squid HTTP handling prevents oversized reply headers relating to an HTTP protocol mismatch from being handled properly.","impact":"The complete impact of this vulnerability is not yet known. This vulnerability is platform independent.","resolution":"Apply an update\nAdministrators should obtain an updated version of Squid from their vendor. Team Squid has created a patch for the current release version of Squid: squid-2.5.STABLE7-oversize_reply_headers.patch. This flaw has been patched in Squid 2.5.STABLE8-RC4. More details are available in the Squid Bugzilla bug #1216.","workarounds":"","sysaffected":"","thanks":"Thanks to Team Squid for reporting this vulnerability, who in turn credit Marc Elsen for finding the flaw.","author":"This document was written by Ken MacInnis based primarily on information provided by Team Squid.","public":["http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers","http://www.squid-cache.org/bugs/show_bug.cgi?id=1216","http://secunia.com/advisories/14091/"],"cveids":["CVE-2005-0241"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-02-01T17:32:00Z","publicdate":"2005-01-31T00:00:00Z","datefirstpublished":"2005-02-04T21:19:06Z","dateupdated":"2005-02-07T21:18:55Z","revision":19,"vrda_d1_directreport":"0","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"10","cam_impact":"2","cam_easeofexploitation":"8","cam_attackeraccessrequired":"20","cam_scorecurrent":"1.2","cam_scorecurrentwidelyknown":"1.5","cam_scorecurrentwidelyknownexploited":"2.7","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":1.2,"vulnote":null}