CVE-2005-0241

Name of the Vulnerable Software and Affected Versions Squid versions 2.5-STABLE7 and earlier

Description The issue is related to the httpProcessReplyHeader function in http.c, which does not properly set the debug context when handling oversized HTTP reply headers. This could potentially allow remote attackers to poison the cache or bypass access controls based on header size.

Recommendations For Squid versions 2.5-STABLE7 and earlier, consider disabling the httpProcessReplyHeader function as a temporary workaround until a patch is available. Restrict access to the affected module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.