Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2005-0174

Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters.

Related bugs and status

CVE-2005-0174 (Candidate) is related to these bugs:

Bug #12600: malformed HTTP header attacks (CAN-2005-0174)

Summary				In	Importance	Status
	12600	malformed HTTP header attacks (CAN-2005-0174)		squid (Ubuntu)	High	Fix Released
	12600	malformed HTTP header attacks (CAN-2005-0174)		squid (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www3.br.squid-c...
CONFIRM: http://www.squid-cache...
FEDORA: FEDORA-2005-373
REDHAT: RHSA-2005:060
REDHAT: RHSA-2005:061
SUSE: SUSE-SA:2005:006
CERT-VN: VU#768702
FEDORA: FLSA-2006:152809
BID: 12412
MANDRAKE: MDKSA-2005:034
CONECTIVA: CLA-2005:931
BUGTRAQ: 20050207 [USN-77-1] Sq...
OVAL: oval:org.mitre.oval:de...