CVE-2005-0174

Published: Feb 7, 2005Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters.

Affected (16)

Products: Squid: Squid

1 product

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
Squid Squid	Version 2.5.6
Squid Squid	Version 2.5.stable1
Squid Squid	Version 2.5.stable2
Squid Squid	Version 2.5.stable3
Squid Squid	Version 2.5.stable4
Squid Squid	Version 2.5.stable5
Squid Squid	Version 2.5.stable6
Squid Squid	Version 2.5.stable7
Squid Squid	Version 2.5_.stable1
Squid Squid	Version 2.5_.stable3
Squid Squid	Version 2.5_.stable4
Squid Squid	Version 2.5_.stable5
Squid Squid	Version 2.5_.stable6
Squid Squid	Version 2.5_stable3
Squid Squid	Version 2.5_stable4
Squid Squid	Version 2.5_stable9

References (26)

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931

Source: cve@mitre.org

Vendor Advisory

http://fedoranews.org/updates/FEDORA--.shtml

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=110780531820947&w=2

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/768702

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://www.mandriva.com/security/advisories?name=MDKSA-2005:034

Source: cve@mitre.org

http://www.novell.com/linux/security/advisories/2005_06_squid.html

Source: cve@mitre.org

Vendor Advisory

http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2005-060.html

Source: cve@mitre.org

Patch

http://www.redhat.com/support/errata/RHSA-2005-061.html

Source: cve@mitre.org

Patch

http://www.securityfocus.com/bid/12412

Source: cve@mitre.org

http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing

Source: cve@mitre.org

Vendor Advisory

http://www3.br.squid-cache.org/Advisories/SQUID-2005_4.txt

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10656

Source: cve@mitre.org

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://fedoranews.org/updates/FEDORA--.shtml

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=110780531820947&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/768702

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://www.mandriva.com/security/advisories?name=MDKSA-2005:034

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.novell.com/linux/security/advisories/2005_06_squid.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2005-060.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.redhat.com/support/errata/RHSA-2005-061.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securityfocus.com/bid/12412

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www3.br.squid-cache.org/Advisories/SQUID-2005_4.txt

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10656

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.