From 6837739eb444b6dbe3ea5ac64bdbbcf3e8ef1385 Mon Sep 17 00:00:00 2001 From: nectar Date: Tue, 8 Feb 2005 14:49:58 +0000 Subject: Add another squid issue. PR: ports/76967 Submitted by: Thomas-Martin Seck --- security/vuxml/vuln.xml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 8e972f7329aa..26edbb5c7a24 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,40 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> + + squid -- correct handling of oversized HTTP reply headers + + + squid + 2.5.7_12 + + + + +

The squid patches page notes:

+
+

This patch addresses a HTTP protocol mismatch related to oversized + reply headers. In addition it enhances the cache.log reporting on + reply header parsing failures to make it easier to track down which + sites are malfunctioning.

+
+

It is believed that this bug may lead to cache pollution or + allow access controls to be bypassed.

+ +
+ + CAN-2005-0241 + http://www.squid-cache.org/bugs/show_bug.cgi?id=1216 + http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch + ports/76967 + 823350 + + + 2005-01-31 + 2005-02-08 + +
+ python -- SimpleXMLRPCServer.py allows unrestricted traversal -- cgit
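Review bot: The description in the new squid entry attributes its quoted text to "the squid patches page", but the references list only the bug report (show_bug.cgi?id=1216) and the squid-2.5.STABLE7-oversize_reply_headers.patch file. Add the URL of the patches page itself so the quote can be checked against its source. The impact sentence ("It is believed that this bug may lead to cache pollution or allow access controls to be bypassed") should be placed so it is clear whether it is upstream's wording or the submitter's assessment. The affected range names only 2.5.7_12 while the upstream patch targets 2.5.STABLE7, so confirm that 2.5.7_12 is the first port revision carrying the patch and that the bound excludes it. Otherwise the fixed package would still be flagged.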