CVE-2005-0174
EPSS 83.3%
Description
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters.
How to fix CVE-2005-0174
To remediate CVE-2005-0174, upgrade the affected package to a fixed version below.
- Debian/squid—upgrade to 2.5.7-6 or later
Is CVE-2005-0174 being exploited?
Likely — EPSS is 83.3%, placing CVE-2005-0174 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (1)
- from 0, < 2.5.7-6