CVE-2005-0241 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2005-0241 Interim 1 3 2021-06-09T08:33:09Z current 2021-05-30T12:31:56Z 2021-06-09T08:33:09Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2005-0241 The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/opensuse-security-announce/2005-02/msg00015.html E-Mail link for SUSE-SA:2005:006 https://www.suse.com/support/security/rating/ SUSE Security Ratings The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size. CVE-2005-0241 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N