CVE-2005-0241

Name: CVE-2005-0241
Creator: NVD / NIST
Published: 2005-05-02T04:00:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 69.66%

Last modified Jun 16, 2026

CVE-2005-0241 is a vulnerability of currently unknown severity. The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.. EPSS estimates a 69.66% chance of exploitation in the next 30 days.

Description

The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.

Metrics

EPSS Probability

69.66%

99.3th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Squid	Squid	2.5.stable1
Squid	Squid	2.5.stable2
Squid	Squid	2.5.stable3
Squid	Squid	2.5.stable4
Squid	Squid	2.5.stable5
Squid	Squid	2.5.stable6
Squid	Squid	2.5.stable7

References

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931Patch
http://fedoranews.org/updates/FEDORA--.shtml
http://secunia.com/advisories/14091
http://www.kb.cert.org/vuls/id/823350Patch, Third Party Advisory, US Government Resource
http://www.novell.com/linux/security/advisories/2005_06_squid.htmlPatch, Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-060.htmlPatch, Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-061.htmlPatch, Vendor Advisory
http://www.securityfocus.com/bid/12412
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headersPatch
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patchPatch
http://www.squid-cache.org/bugs/show_bug.cgi?id=1216Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/19060
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10998
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931Patch
http://fedoranews.org/updates/FEDORA--.shtml
http://secunia.com/advisories/14091
http://www.kb.cert.org/vuls/id/823350Patch, Third Party Advisory, US Government Resource
http://www.novell.com/linux/security/advisories/2005_06_squid.htmlPatch, Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-060.htmlPatch, Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-061.htmlPatch, Vendor Advisory
http://www.securityfocus.com/bid/12412
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headersPatch
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patchPatch
http://www.squid-cache.org/bugs/show_bug.cgi?id=1216Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/19060
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10998

Timeline

Published: May 2, 2005
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2005-0241?

How severe is CVE-2005-0241?

Severity scoring for CVE-2005-0241 is pending analysis. The EPSS model estimates a 69.66% probability of exploitation in the next 30 days.

How do I fix CVE-2005-0241?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2005-0241?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST