HTTP: Squid Oversized Reply Header Handling

A known vulnerability exists in the way the Squid Web proxy/cache parses an overly large HTTP reply header. An oversized HTTP reply header could trigger unexpected behavior on the vulnerable Squid server. This flaw cannot be used to exploit the Squid proxy; however, it can be used to attack a proxy client.

Extended Description

A remote unspecified vulnerability reportedly affects Squid Proxy. This issue is due to the application's failure to properly handle malformed HTTP headers. The impact of this issue is currently unknown. This BID will be updated when more information becomes available.

Affected Products

Squid web_proxy_cache

Short Name
HTTP:PROXY:SQUID-OVERSIZE-HDR
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2005-0241 Handling Header Oversized Reply Squid bid:12412
Release Date
03/17/2023
Supported Platforms

srx-branch-19.3

vsrx3bsd-19.2

srx-19.4

vsrx3bsd-19.4

srx-branch-19.4

vsrx-19.4

vsrx-19.2

srx-19.3

Sigpack Version
3724
False Positive
Unknown
Vendors

Red_hat

Suse

Squid

Turbolinux

Sgi

Astaro

CVSS Score

5.0
