Squid.Oversized.Reply.Header.Handling
Description
It indicates a possible exploit of unspecified vulnerability in Squid Proxy.
This issue is due to the application's failure to properly handle malformed HTTP headers.
Affected Products
Turbolinux Turbolinux Workstation 8.0
Turbolinux Turbolinux Workstation 7.0
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Server 8.0
Turbolinux Turbolinux Server 7.0
Turbolinux Appliance Server Workgroup Edition 1.0
Turbolinux Appliance Server Hosting Edition 1.0
Squid Web Proxy Cache 2.5 .STABLE7
Squid Web Proxy Cache 2.5 .STABLE6
Squid Web Proxy Cache 2.5 .STABLE5
Squid Web Proxy Cache 2.5 .STABLE4
Squid Web Proxy Cache 2.5 .STABLE3
Squid Web Proxy Cache 2.5 .STABLE1
SGI ProPack 3.0
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux 8.1
S.u.S.E. Linux 8.0 i386
S.u.S.E. Linux 8.0
RedHat Linux 9.0 i386
RedHat Linux 7.3 i386
RedHat Fedora Core2
RedHat Fedora Core1
Astaro Security Linux 4.0 17
Astaro Security Linux 4.0 16
Astaro Security Linux 4.0 08
Astaro Security Linux 3.217
Astaro Security Linux 3.2 16
Astaro Security Linux 3.2 15
Astaro Security Linux 3.2 12
Astaro Security Linux 3.2 11
Astaro Security Linux 3.2 10
Astaro Security Linux 3.2 00
Astaro Security Linux 2.0 30
Astaro Security Linux 2.0 27
Astaro Security Linux 2.0 26
Astaro Security Linux 2.0 25
Astaro Security Linux 2.0 24
Astaro Security Linux 2.0 23
Astaro Security Linux 2.0 16
Impact
Poison the cache or bypass access controls
Recommended Actions
Apply the squid-2.5.STABLE7-header_parsing patch, available from the Squid Web Proxy Cache Web site.
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-header_parsing.patch
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |