Squid: >> Squid >> 2.5.stable6 Security Vulnerabilities
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters.
CVSS Score
5.0
EPSS Score
0.86
Published
2005-02-07
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack.
CVSS Score
5.0
EPSS Score
0.816
Published
2005-02-07
Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption).
CVSS Score
5.0
EPSS Score
0.023
Published
2005-01-25
Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses.
CVSS Score
5.0
EPSS Score
0.461
Published
2005-01-15
The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers.
CVSS Score
5.0
EPSS Score
0.758
Published
2005-01-15
The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference.
CVSS Score
5.0
EPSS Score
0.483
Published
2005-01-11
Page 2