FreeBSD : squid -- correct handling of oversized HTTP reply headers (bfda39de-7467-11d9-9e1e-c296ac722cb3)

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The squid patches page notes :

This patch addresses a HTTP protocol mismatch related to oversized
reply headers. In addition it enhances the cache.log reporting on
reply header parsing failures to make it easier to track down which
sites are malfunctioning.

It is believed that this bug may lead to cache pollution or allow
access controls to be bypassed.

See also :

http://bugs.squid-cache.org/show_bug.cgi?id=1216
http://www.nessus.org/u?dd387da9
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=76967
http://www.nessus.org/u?788c83ee

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 19108 (freebsd_pkg_bfda39de746711d99e1ec296ac722cb3.nasl)

Bugtraq ID:

CVE ID: CVE-2005-0241

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now