Description
The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
SUSE Security Advisories:
- SUSE-SA:2005:006, published Thursday, Feb 10th 2005 13:30 MET
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 00:58:37 2013
CVE page last modified: Fri Oct 7 12:45:30 2022