diff options
| author | nectar <nectar@FreeBSD.org> | 2005-01-25 03:39:20 +0800 |
|---|---|---|
| committer | nectar <nectar@FreeBSD.org> | 2005-01-25 03:39:20 +0800 |
| commit | 48afa4febc914031153792c8cb16d39e2dedfa3a (patch) | |
| tree | 05c819ada0d0ebdbd789700d3fa8177072fdd4af | |
| parent | b680049adcc879038d0cb306f5ce3c90c9bf4ddd (diff) | |
| download | freebsd-ports-gnome-48afa4febc914031153792c8cb16d39e2dedfa3a.tar.gz freebsd-ports-gnome-48afa4febc914031153792c8cb16d39e2dedfa3a.tar.zst freebsd-ports-gnome-48afa4febc914031153792c8cb16d39e2dedfa3a.zip | |
Document a possible cache-poisoning issue affecting squid.
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de>
| -rw-r--r-- | security/vuxml/vuln.xml | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 1c8d42d7a5ac..efedde2c846d 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,48 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="b4d94fa0-6e38-11d9-9e1e-c296ac722cb3"> + <topic>squid -- possible cache-poisoning via malformed HTTP + responses</topic> + <affects> + <package> + <name>squid</name> + <range><lt>2.5.7_9</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The squid patches page notes:</p> + <blockquote cite="http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing"> + <p>This patch makes Squid considerably stricter while + parsing the HTTP protocol.</p> + <ol> + <li>A Content-length header should only appear once in a + valid request or response. Multiple Content-length + headers, in conjunction with specially crafted requests, + may allow Squid's cache to be poisioned with bad content + in certain situations.</li> + <li>CR characters is only allowed as part of the CR NL + line terminator, not alone. This to ensure that all + involved agrees on the structure of HTTP headers.</li> + <li>Rejects requests/responses that have whitespace in an + HTTP header name.</li> + </ol> + </blockquote> + <p>To enable these strict parsing rules, update to at least + squid-2.5.7_9 and specify <code>relaxed_header_parser + off</code> in squid.conf.</p> + </body> + </description> + <references> + <url>http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing</url> + </references> + <dates> + <discovery>2005-01-24</discovery> + <entry>2005-01-24</entry> + </dates> + </vuln> + <vuln vid="97c3a452-6e36-11d9-8324-000a95bc6fae"> <topic>bugzilla -- cross-site scripting vulnerability</topic> <affects> |