aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--security/vuxml/vuln.xml42
1 files changed, 42 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 1c8d42d7a5ac..efedde2c846d 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -32,6 +32,48 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="b4d94fa0-6e38-11d9-9e1e-c296ac722cb3">
+ <topic>squid -- possible cache-poisoning via malformed HTTP
+ responses</topic>
+ <affects>
+ <package>
+ <name>squid</name>
+ <range><lt>2.5.7_9</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The squid patches page notes:</p>
+ <blockquote cite="http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing">
+ <p>This patch makes Squid considerably stricter while
+ parsing the HTTP protocol.</p>
+ <ol>
+ <li>A Content-length header should only appear once in a
+ valid request or response. Multiple Content-length
+ headers, in conjunction with specially crafted requests,
+ may allow Squid's cache to be poisioned with bad content
+ in certain situations.</li>
+ <li>CR characters is only allowed as part of the CR NL
+ line terminator, not alone. This to ensure that all
+ involved agrees on the structure of HTTP headers.</li>
+ <li>Rejects requests/responses that have whitespace in an
+ HTTP header name.</li>
+ </ol>
+ </blockquote>
+ <p>To enable these strict parsing rules, update to at least
+ squid-2.5.7_9 and specify <code>relaxed_header_parser
+ off</code> in squid.conf.</p>
+ </body>
+ </description>
+ <references>
+ <url>http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing</url>
+ </references>
+ <dates>
+ <discovery>2005-01-24</discovery>
+ <entry>2005-01-24</entry>
+ </dates>
+ </vuln>
+
<vuln vid="97c3a452-6e36-11d9-8324-000a95bc6fae">
<topic>bugzilla -- cross-site scripting vulnerability</topic>
<affects>