PT-2005-1262 · Squid+1 · Squid+2

Published 2005-02-06 · Updated 2017-10-11 · CVE-2005-0174

CVSS v2.0: 5.0 Medium

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions

Squid versions 2.5 up to 2.5.STABLE7

Description

The issue allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification. This includes multiple Content-Length headers, carriage return (CR) characters that are not part of a CRLF pair, and header names containing whitespace characters.

Recommendations

For Squid versions 2.5 up to 2.5.STABLE7, consider updating to a version that properly handles non-standard HTTP headers to prevent cache poisoning and other attacks. As a temporary workaround, restrict access to the Squid cache to minimize the risk of exploitation.
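A strict header check for the three malformations named in the description, as an added example (not Squid code and not part of the original advisory). The function name, finding labels and sample messages are constructed for illustration; the name check uses the HTTP token character set from RFC 7230.

```python
import re

# HTTP "token" characters permitted in a header field name (RFC 7230, 3.2.6).
TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# A CR that is not immediately followed by LF.
BARE_CR = re.compile(rb"\r(?!\n)")


def audit_headers(raw: bytes) -> list:
    """Return findings for one raw HTTP message head (start line + headers)."""
    findings = []
    head = raw.split(b"\r\n\r\n", 1)[0]      # ignore the body
    if BARE_CR.search(head):
        findings.append("bare-cr")
    content_lengths = []
    for line in head.split(b"\r\n")[1:]:      # skip the request/status line
        name, sep, value = line.partition(b":")
        if not sep:
            findings.append("malformed-line")
            continue
        if not TOKEN.fullmatch(name):
            findings.append("bad-name")       # whitespace or other non-token byte
        # Count look-alike names too, so "Content-Length " cannot hide a duplicate.
        if name.strip().lower() == b"content-length":
            content_lengths.append(value.strip())
    if len(content_lengths) > 1:
        findings.append("multiple-content-length")
    return findings


# Constructed sample messages (example.test is a placeholder host).
CLEAN = b"GET / HTTP/1.1\r\nHost: example.test\r\nContent-Length: 0\r\n\r\n"
DUP_CL = (b"POST /a HTTP/1.1\r\nHost: example.test\r\n"
          b"Content-Length: 5\r\nContent-Length: 12\r\n\r\nhello")
LONE_CR = b"GET / HTTP/1.1\r\nHost: example.test\rX-Extra: 1\r\n\r\n"
SPACE_NAME = (b"POST /a HTTP/1.1\r\nHost: example.test\r\n"
              b"Content-Length: 5\r\nContent-Length : 7\r\n\r\nhello")

if __name__ == "__main__":
    for label, msg in [("clean", CLEAN), ("dup", DUP_CL),
                       ("lone-cr", LONE_CR), ("space-name", SPACE_NAME)]:
        print(label, audit_headers(msg))
```

A front end that rejects any message with a non-empty findings list never forwards these ambiguous headers to a cache that might interpret them differently.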

Fix


Related Identifiers

CVE-2005-0174
RHSA-2005:060
RHSA-2005:061
RHSA-2005_060
RHSA-2005_061

Affected Products

Red Hat
Squid
Squid Cache